Neutral constraint language for access control

The formal definition of the constraint language was given by equation 5.6. To apply it to access control, the security contexts are drawn from the set SC_AC. For example, the rule enableAddSC(sc_admin, apache
