, accès La définition formelle du langage de contraintes a été donnée par l'équation 5.6. Pour l'appliquer au contrôle d'accès, les contextes de sécurité sont issus de l'ensemble SC AC . Par exemple, la règle enableAddSC(sc admin , apache
, Organization based access control, 4th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2003), pp.120-131, 2003.
, Intrusion detection and security policy framework for distributed environments, Proceedings of the 2005 International Symposium on Collaborative Technologies and Systems (CTS'05), pp.100-106, 2005.
URL : https://hal.archives-ouvertes.fr/hal-00083320
, Multi-level intrusion detection system (MIDS), The 4th Conference on Security and Network Architectures (SAR'05), pp.145-155, 2005.
URL : https://hal.archives-ouvertes.fr/hal-00083309
, A generalized framework for access control : An informal description, The 13th National Computer Security Conference, pp.135-143, 1990.
, Domain and policy based management : Concepts and implementation architecture, The Fifth IFIP/IEEE International Workshop on Distributed Systems : Operations and Management (DSOM '94), 1994.
, Computer security technology planning study, 1972.
, A domain and type enforcement UNIX prototype, Proceedings of the 5th USENIX UNIX Security Symposium, pp.127-140, 1995.
, Concerning 'modeling' of computer security, Proceedings. 1988 IEEE Symposium on Security and Privacy, pp.8-13, 1988.
DOI : 10.1109/SECPRI.1988.8093
, Secure computer systems : Mathematical foundations and model, 1973.
, Meta-policies for distributed role-based access control systems, Proceedings Third International Workshop on Policies for Distributed Systems and Networks, pp.106-115, 2002.
DOI : 10.1109/POLICY.2002.1011298
, A flexible authorization mechanism for relational data management systems, ACM Transactions on Information Systems, vol.17, issue.2, pp.101-140, 1999.
DOI : 10.1145/306686.306687
, Supporting multiple access control policies in database systems, Proceedings 1996 IEEE Symposium on Security and Privacy, pp.94-109, 1996.
DOI : 10.1109/SECPRI.1996.502673
, Integrity considerations for secure computer systems, 1975.
, A configuration-based environment for dealing with multiple security policies in open distributed systems, 2nd European Research Seminar on Advances in Distributed Systems, pp.240-245, 1997.
, Dealing with multi-policy security in large open distributed systems, The 5th European Symposium on Research in Computer Security ESORICS, volume 1485 de Lecture Notes in Computer Science, pp.51-66, 1998.
DOI : 10.1007/BFb0055855
URL : https://hal.archives-ouvertes.fr/inria-00073578
, Trusted Linux systems and application to cluster architecture éditeurs : The, The Society for Modeling and Simulation International -SCS, pp.29-34, 2004.
, Distributed Control Enabling Consistent MAC Policies and IDS Based on a Meta-Policy Approach, Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06), pp.153-156, 2006.
DOI : 10.1109/POLICY.2006.15
URL : https://hal.archives-ouvertes.fr/hal-00082278
, Hardening large-scale networks security through a meta-policy framework, éditeurs : Third Workshop on the Internet, Telecommunications and Signal Processing, pp.132-137, 2004.
URL : https://hal.archives-ouvertes.fr/hal-00083400
, Amélioration de la sécurité des grands réseaux par une infrastructure de métapolitique, Colloque Francophone sur l'Ingénierie des Protocoles (CFIP'05), pp.517-530, 2005.
, Mandatory access control on distributed systems : A metapolicy framework, The First Colloquium on Risk and Security of the Internet and Systems (CRiSIS 2005), pp.133-144, 2005.
URL : https://hal.archives-ouvertes.fr/hal-00083435
, A novel approach for distributed updates of MAC policies using a meta-protection framework, de Rennes, U., éditeur : The 15th IEEE International Symposium on Software Reliability Engineering (ISSRE 2004) Supplementary Proceedings, pp.29-30, 2004.
URL : https://hal.archives-ouvertes.fr/hal-00083215
, A practical alternative to hierarchical integrity policies, The 8th National Computer Security Conference, pp.18-27, 1985.
, The Chinese Wall security policy, Proceedings. 1989 IEEE Symposium on Security and Privacy, pp.206-214, 1989.
DOI : 10.1109/SECPRI.1989.36295
, Détection d'intrusions fondée sur un modèle de méta-politique de sécurité : analyse de graphes d'interaction et architecture multi-niveaux, Thèse de doctorat, 2007.
, A collaborative approach for access control, intrusion detection and security testing, éditeurs : Proceedings of the 2006 International Symposium on Collaborative Technologies and Systems, Special Session on Multi Agent Systems and Collaboration, pp.270-278, 2006.
, Collaboration between MAC policies and ids based on a meta-policy approach, éditeurs : Proceedings of the Workshop on Collaboration and Security (COLSEC'06), pp.48-55, 2006.
URL : https://hal.archives-ouvertes.fr/hal-00081640
, A comparison of commercial and military computer security policies, Proceedings of the IEEE Symposium on Security and Privacy, pp.184-194, 1987.
, Modelling contexts in the Or-BAC model, 19th Annual Computer Security Applications Conference, 2003. Proceedings., 2003.
DOI : 10.1109/CSAC.2003.1254346
, Ponder : A language for specifying security and management policies for distributed systems, 2000.
, Administration Model for Or-BAC, Cuppens et A. Miège Workshop on Metadata for Security, International Federated Conferences (OTM'03), pp.754-768, 2003.
DOI : 10.1007/978-3-540-39962-9_76
, AdOrBAC : An Administration Model for Or-BAC. Special issue of the, Cuppens et A. Miège, 2004.
, Role-Based Access Control (RBAC) : Features and Motivations, 11th Annual Computer Security Applications Conference (ACSAC), 1995.
, Role-based access controls, 15th National Computer Security Conference, pp.554-563, 1992.
, Information Flow in Operating Systems : Eager Formal Methods, Workshop on Issues in the Theory of Security (WITS'03), 2003.
, Verifying information flow goals in Security-Enhanced Linux, Journal of Computer Security, vol.13, issue.1, pp.115-134, 2005.
DOI : 10.3233/JCS-2005-13105
, Protection in operating systems, Communications of the ACM, vol.19, issue.8, pp.461-471, 1976.
DOI : 10.1145/360303.360333
, Achieving Security Goals with Security-Enhanced Linux, 2002.
, Metapolicies I, ACM SIGSAC Review, vol.10, issue.2-3, pp.18-43, 1992.
DOI : 10.1145/147092.147097
, Metapolicies II, The 15th National Computer Security Conference, pp.369-378, 1992.
, The multipolicy paradigm for trusted systems, Proceedings on the 1992-1993 workshop on New security paradigms , NSPW '92-93, pp.19-32, 1993.
DOI : 10.1145/283751.283768
, Flexible support for multiple access control policies, ACM Transactions on Database Systems, vol.26, issue.2, pp.214-260, 2001.
DOI : 10.1145/383891.383894
, A Unified Framework for Enforcing Multiple Access Control Policies, Proceedings of the 1997 ACM SIGMOD International Conference on Management of Data, pp.474-485, 1997.
, On Paradigms for Security Policies in Multipolicy Environments, 11th IFIP International Information Security Conference, 1995.
DOI : 10.1007/978-0-387-34873-5_32
, Dynamic protection structures, Proceedings of the November 18-20, 1969, fall joint computer conference on, AFIPS '69 (Fall), pp.27-38, 1969.
DOI : 10.1145/1478559.1478563
, Protection, The 5th Symposium on Information Sciences and Systems, pp.437-443, 1971.
DOI : 10.1145/775265.775268
, Integrating flexible support for security policies into the linux operating system, Proceedings of the FREENIX Track : 2001 USENIX Annual Technical Conference (FREENIX '01). USENIX, 2001.
, The Inevitability of Failure : The Flawed Assumption of Security in Modern Computing Environments, Proceedings of the 21st National Information Systems Security Conference, pp.303-314, 1998.
, Conflicts in policy-based distributed systems management, IEEE Transactions on Software Engineering, vol.25, issue.6, pp.852-896, 1999.
DOI : 10.1109/32.824414
, Management policy specification, 1993.
, Reasoning About Security Models, 1987 IEEE Symposium on Security and Privacy, pp.123-131, 1987.
DOI : 10.1109/SP.1987.10020
, Law-governed interaction: a coordination and control mechanism for heterogeneous distributed systems, ACM Transactions on Software Engineering and Methodology, vol.9, issue.3, pp.273-305, 2000.
DOI : 10.1145/352591.352592
, The representation of policies as system objects, The Conference on Organizational Computer Systems, pp.171-184, 1991.
, Policy conflict analysis in distributed system management, Journal of Organizational Computing, vol.3, issue.1, pp.1-22, 1993.
DOI : 10.1080/10919399409540214
, Policy hierarchies for distributed systems management, IEEE Journal on Selected Areas in Communications, vol.11, issue.9, pp.1404-1414, 1993.
DOI : 10.1109/49.257932
, Specifying discretionary access control policy for distributed systems, Computer Communications, vol.13, issue.9, pp.571-580, 1990.
DOI : 10.1016/0140-3664(90)90008-5
, Recent developments in selinux kernel performance, 2004.
, Rule set based access control as proposed in the 'generalized framework for access control' approach in linux, 1997.
, The rule set based access control (RSBAC) linux kernel security extension, Proceedings of the 8th International Linux Kongress, 2001.
, RSBAC benchmarks, 2006.
, Distributed access control for carrier class clusters, Proceedings of the Parallel and Distributed Processing Techniques and Applications (PDPTA '03) Conference, 2003.
, The schematic protection model: its definition and analysis for acyclic attenuating schemes, Journal of the ACM, vol.35, issue.2, pp.404-432, 1988.
DOI : 10.1145/42282.42286
, The typed access matrix model, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp.122-136, 1992.
DOI : 10.1109/RISP.1992.213266
, Role-based access control models, Computer, vol.29, issue.2, pp.38-47, 1996.
DOI : 10.1109/2.485845
, Policy driven management for distributed systems, Journal of Network and Systems Management, vol.III, issue.No. 8, pp.333-360, 1994.
DOI : 10.1007/BF02283186
, An architecture for managing distributed systems, 1993 4th Workshop on Future Trends of Distributed Computing Systems, pp.40-46, 1993.
DOI : 10.1109/FTDCS.1993.344178
, Domino domains and policies : An introduction to the project results, 1992.
, A Security Policy Configuration for the Security-Enhanced Linux, 2000.
, Implementing SELinux as a linux security module, 2001.
, The Flask security architecture : System support for diverse security policies, Proceedings of The Eighth USENIX Security Symposium, pp.123-129, 1999.
, Detection, prevention, and containment : A study of grsecurity, Libre Software Meeting 2002 (LSM2002), 2002.
, Increasing performance and granularity in role-based access control systems, 2005.
, Confining Root Programs with Domain and Type Enforcement, Proceedings of The Sixth USENIX Security Symposium, pp.21-36, 1996.
, Policies in network and systems management???Formal definition and architecture, Journal of Network and Systems Management, vol.2, issue.1, pp.63-83, 1994.
DOI : 10.1007/BF02141605