Functional analysis: V.3.1 Levels of flow identification and validation

Computer of the ...: VI.2.1 Context of use

Implementation considerations: VI.3.1 Capture of the upward flows of the redundant applications with a view to their validation; VI.3.1.1 Implementation of diversification through virtualization, Java

Interactions with the diversified applications: VI.3.2.1 Managing the interaction with the operator

Implementation, arsec and AWT: 1 Description of an unsafe virtual machine; VI.4.1.2 Description of a safe virtual machine; VI.4.1 Interception of Java Swing calls

A. Colyer, A. Clement, G. Harley, and M. Webster, Eclipse AspectJ, Aspect-Oriented Programming with AspectJ and the Eclipse Aspect Development Tools, 2005.

A. , R. L. , J. P. Ossenfort, K. I. Laws, A. Goforth et al., Communications for Integrated Modular Avionics, Aerospace Conference, pp.1-18, 2007.

J. Alves-foss, P. W. Oman, C. Taylor, and E. W. Scott-harisson, The MILS architecture for high-assurance embedded systems, International Journal of Embedded Systems, vol.2, issue.3/4, pp.239-247, 2006.
DOI : 10.1504/IJES.2006.014859

A. Avizienis, . Laprie, . Randell, and . Landwehr, Basic concepts and taxonomy of dependable and secure computing, IEEE Transactions on Dependable and Secure Computing, vol.1, issue.1, pp.11-33, 2004.
DOI : 10.1109/TDSC.2004.2

A. Avizienis, The N-Version Approach to Fault-Tolerant Software, IEEE Transactions on Software Engineering, vol.11, issue.12, pp.1491-1501, 1985.
DOI : 10.1109/TSE.1985.231893

B. Balacheff, L. Chen, S. Pearson, D. Plaquin, and G. Proudler, Trusted Computing Platforms, TCPA technology in context, 2003.

C. Basile, Z. Kalbarczyk, and R. Iyer, A preemptive deterministic scheduling algorithm for multithreaded replicas, 2003 International Conference on Dependable Systems and Networks, 2003. Proceedings., pp.149-158, 2003.
DOI : 10.1109/DSN.2003.1209926

C. Basile, K. Whisnant, Z. Kalbarczyk, and R. Iyer, Loose synchronization of multithreaded replicas, 21st IEEE Symposium on Reliable Distributed Systems, 2002. Proceedings., p.250, 2002.
DOI : 10.1109/RELDIS.2002.1180194

K. J. Biba, Integrity Considerations for Secure Computer Systems. MITRE Co., technical report ESD-TR, pp.76-372, 1977.

K. L. Bowles, Beginner's Guide for the UCSD Pascal System, 1980.

S. S. Brillant, C. Et-john, and . Knight, The consistent comparison problem in N-version software, IEEE Transactions on Software Engineering, vol.15, issue.11, pp.1481-1485, 1989.
DOI : 10.1109/32.41339

D. Clark and . Wilson, A Comparison of Commercial and Military Computer Security Policies, 1987 IEEE Symposium on Security and Privacy, pp.184-194, 1987.
DOI : 10.1109/SP.1987.10001

P. Conmy and J. Mcdermid, High level failure analysis for Integrated Modular Avionics, Proceedings of the Sixth Australian workshop on Safety critical systems and software, pp.13-21, 2001.

J. Delange, J. Hugues, L. Pautet, and E. B. Zalila, Code Generation Strategies from AADL Architectural Descriptions Targeting the High Integrity Domain, 4th European Congress ERTS, 2008.

Y. Deswarte and J. Lavictoire, MARIGNAN-A method for correcting intermittent failures, International Symposium on Fault-Tolerant Computing FTC-5, 1975.

Y. Deswarte and D. Powell, Internet Security: An Intrusion-Tolerance Approach, Proceedings of the IEEE, vol.94, issue.2, pp.432-441, 2006.
DOI : 10.1109/JPROC.2005.862320

Y. Deswarte, L. Blain, and J. Fabre, Intrusion tolerance in distributed computing systems, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pp.441-451, 1991.
DOI : 10.1109/RISP.1991.130780

Y. Deswarte, M. Kaâniche, P. Corneillie, and J. Goodson, SQUALE Dependability Assessment Criteria, p.71, 1999.
DOI : 10.1007/3-540-48249-0_3

Y. Deswarte, K. Kanoun, and J. Laprie, Diversity against accidental and deliberate faults, Computer Security, Dependability, and Assurance: From Needs to Solutions, pp.171-181, 1998.

J. Domaschka, T. Bestfleisch, F. J. Hauck, H. P. Reiser, and R. Kapitza, Multithreading Strategies for Replicated Objects, Proceedings of the 9th ACM/IFIP/USENIX International Conference on Middleware, pp.104-123, 2008.
DOI : 10.1007/11773887_20

G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen, ReVirt, ACM SIGOPS Operating Systems Review, vol.36, issue.SI, pp.211-224, 2002.
DOI : 10.1145/844128.844148

B. Dutertre and V. Stavridou, A model of noninterference for integrating mixed-criticality software components, Dependable Computing for Critical Applications 7, 1999.
DOI : 10.1109/DCFTS.1999.814302

J. Fraga, C. Maziero, L. C. Lung, and O. G. Filho, Implementing replicated services in open systems using a reflective approach, Proceedings of the Third International Symposium on Autonomous Decentralized Systems. ISADS 97, 1997.
DOI : 10.1109/ISADS.1997.590631

R. Friedman and A. Kama, Transparent fault-tolerant Java virtual machine, 22nd International Symposium on Reliable Distributed Systems, 2003. Proceedings., pp.319-328, 2003.
DOI : 10.1109/RELDIS.2003.1238083

T. Garfinkel and M. Rosenblum, A Virtual Machine Introspection Based Architecture for Intrusion Detection, Proc. Network and Distributed Systems Security Symposium, pp.191-206, 2003.

J. Gray, A census of Tandem system availability between 1985 and 1990, IEEE Transactions on Reliability, vol.39, issue.4, pp.409-432, 1985.
DOI : 10.1109/24.58719

H. J. Hoxer, K. Buchacker, and E. V. Sieh, Implementing a User Mode Linux with Minimal Changes from Original Kernel, 9th International Linux System Technology Conference, 2002.

B. Jansen, H. V. Ramasamy, M. Schunter, and A. Tanner, Architecting Dependable and Secure Systems Using Virtualization, Architecting Dependable Systems V, pp.124-149, 2008.
DOI : 10.1145/844128.844148

A. Joshi, S. T. King, G. W. Dunlap, and P. M. Chen, Detecting Past and Present Intrusions Through Vulnerability-Specific Predicates, 20th ACM Symposium on Operating Systems Principles (SOSP), pp.91-104, 2005.
DOI : 10.1145/1095809.1095820

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.81.29

R. Kaiser and S. Wagner, The PikeOS Concept: History and Design, SYSGO Embedding Innovations White Paper

S. T. King and P. M. Chen, Backtracing Intrusion, 19th ACM Symposium on Operating Systems Principles (SOSP '03), pp.51-76, 2003.

S. T. King, G. W. Dunlap, and P. M. Chen, Debugging Operating Systems with Time-Traveling Virtual Machines, Annual USENIX Technical Conference, pp.1-15, 2005.

S. T. King, Z. M. Mao, D. G. Luchetti, and P. M. Chen, Enriching Intrusion Alerts through Multi-Host Causality, Network and Distributed System Security Symposium (NDSS), 2005.

H. Kopetz, A. Damm, C. Koza, M. Mulazzani, W. Schwabl et al., Distributed fault-tolerant real-time systems: the Mars approach, IEEE Micro, vol.9, issue.1, pp.25-40, 1989.
DOI : 10.1109/40.16792

Y. Laarouchi, Y. Deswarte, D. Powell, and J. Arlat, Safety and Security Architectures for Avionics, Doctoral Consortium (DCSOFT 2008), the 3rd International Conference on Software and Data Technologies, 2008.

Y. Laarouchi, Y. Deswarte, D. Powell, J. Arlat, and . Et-eric-de-nadai, Criticality and Confidence Issues in Avionics, 12th European Workshop on Dependable Computing (EWDC), EWDC'09, 2009.
URL : https://hal.archives-ouvertes.fr/hal-00381966

E. Lacombe, V. Nicomette, and Y. Deswarte, Une approche de virtualisation assistée par le matériel pour protéger l'espace noyau d'actions malveillantes, Symposium sur la Sécurité des Technologies de l'Information et des Communications, 2009.

H. A. Lagar-cavilla, J. Whitney, A. Scanell, P. Patchin, S. Rumble et al., SnowFlock, Proceedings of the fourth ACM european conference on Computer systems, EuroSys '09, pp.1-12, 2009.
DOI : 10.1145/1519065.1519067

J. Laprie, C. Béounes, K. Kanoun, and J. Arlat, Definition and analysis of hardware- and software-fault-tolerant architectures, Computer, vol.23, issue.7, pp.39-51, 1990.
DOI : 10.1109/2.56851

M. Laureano, C. Maziero, and E. Jamhour, Intrusion detection in virtual machine environments, Proceedings. 30th Euromicro Conference, 2004., pp.520-525, 2004.
DOI : 10.1109/EURMIC.2004.1333416

J. Lawall and G. Muller, Efficient incremental checkpointing of Java programs, Proceeding International Conference on Dependable Systems and Networks. DSN 2000, 2000.
DOI : 10.1109/ICDSN.2000.857515

URL : https://hal.archives-ouvertes.fr/inria-00072848

P. A. Lee and T. Anderson, Fault Tolerance: Principles and Practice, 1990.

L. Dong, R. Melhem, D. Mosse, S. Ghosh, W. Heimerdinger et al., Implementation of a transient-fault-tolerance scheme on DEOS-a technology transfer from an academic system to an industrial system, Proceedings of the Fifth IEEE Real-Time Technology and Applications Symposium, pp.56-65, 1999.

J. Michaloski, S. Birla, and J. Yen, Software Models for Standardizing the Human-Machine Interface Connection to a Machine Controller, Proceedings of the World Automation Congress, 2000.

I. Moir and A. Seabridge, Civil Avionics Systems, 2003.
DOI : 10.1002/9781118536704

M. Namjoo, CERBERUS-16: An Architecture for a General Purpose Watchdog Processor, 13th Int. Symposium on Fault Tolerant Computing (FTCS-13), pp.316-325, 1983.

J. Napper, L. Alvisi, and H. Vin, A fault-tolerant java virtual machine, 2003 International Conference on Dependable Systems and Networks, 2003. Proceedings., pp.425-434, 2003.
DOI : 10.1109/DSN.2003.1209953

M. L. Olive, R. T. Oishi, and E. S. Arentz, Commercial Aircraft Information Security-an Overview of ARINC Report 811, 2006 IEEE/AIAA 25th Digital Avionics Systems Conference, 2006.
DOI : 10.1109/DASC.2006.313761

W. W. Peterson and E. J. Weldon, Error-Correcting Codes, 1972.

S. Poledna, Replica Determinism in Distributed Real-Time Systems: A Brief Survey. Real-Time Systems, pp.289-316, 1994.

D. Powell, Chapter 6 Replicated Software Components. In Delta-4: A generic architecture for dependable computing, ESPRIT Research Reports, pp.100-104, 1991.

C. Rabéjac, Auto-surveillance logicielle pour applications critiques: méthode et mécanismes, Doctoral thesis in computer science, 1995.

B. Randell, System structure for software fault tolerance, Proceedings of the international conference on Reliable software, pp.437-449, 1975.

H. P. Reiser and R. Kapitza, Hypervisor-Based Efficient Proactive Recovery, 2007 26th IEEE International Symposium on Reliable Distributed Systems (SRDS 2007), pp.83-92, 2007.
DOI : 10.1109/SRDS.2007.25

T. Richardson, Q. Stafford-fraser, K. R. Wood, and A. Hopper, Virtual network computing, IEEE Internet Computing, vol.2, issue.1, 1998.
DOI : 10.1109/4236.656066

R. Rodrigues, M. Castro, and B. Liskov, BASE: using abstraction to improve fault tolerance, ACM Transactions on Computer Systems, vol.21, issue.3, pp.236-269, 2003.

A. Rugina, P. Feiler, K. Kanoun, and M. Kaaniche, Software dependability modeling using an industry-standard architecture description language, 2008.
URL : https://hal.archives-ouvertes.fr/hal-00323983

J. Rushby, Partitioning in Avionics Architectures: Requirements, Mechanisms, and Assurance, 2000.

J. Rushby, Formal Methods and the Certification of Critical Systems, 1993.

F. Salles, M. Rodriguez, J. Fabre, and J. Arlat, MetaKernels and fault containment wrappers, Digest of Papers. Twenty-Ninth Annual International Symposium on Fault-Tolerant Computing (Cat. No.99CB36352), pp.22-29, 1999.
DOI : 10.1109/FTCS.1999.781030

J. Smith and R. Nair, Virtual Machines: Versatile Platforms for Systems and Processes. 1st ed., 2005.

A. Tanenbaum, Architecture de l'ordinateur : Cours et exercices, 2001.

E. Totel, . Lj, J. Beus-dukic, Y. Blanquart, E. D. Deswarte et al., Integrity management in GUARDS, Proceedings of IFIP International Conference on Distributed Systems Platforms and Open Distributed Processing (Middleware'98), pp.105-122, 1998.
DOI : 10.1007/978-1-4471-1283-9_7

E. Totel, J. Blanquart, Y. Deswarte, and E. D. Powell, Supporting multiple levels of criticality, Digest of Papers. Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing (Cat. No.98CB36224), pp.70-79, 1998.
DOI : 10.1109/FTCS.1998.689456

E. Totel, Politique d'intégrité multiniveau pour la protection en ligne de tâches critiques, Doctoral thesis in computer science, 1998.

P. Traverse, I. Lacaze, and J. Souyris, Airbus Fly-By-Wire: A Total Approach To Dependability, In Building the Information Society, pp.191-212, 2004.
DOI : 10.1007/978-1-4020-8157-6_18

G. Vache, Environment Characterization and System Modeling Approach for the Quantitative Evaluation of Security, 28th Int. Conf. on Computer Safety, Reliability and Security (SAFECOMP'09), 2009.
DOI : 10.1109/MSECP.2003.1219056

W. Post, A Time to Patch, 2006.

A. Whitaker, M. Shaw, and E. S. Gribble, Lightweight virtual machines for distributed and networked application, USENIX Annual Technical Conference, 2002.

In the comparator, we added a delay to wait until the instantiation phase is finished, in order to avoid synchronization problems at startup. try{Thread.sleep(15000);} catch(InterruptedException e){}

… have not been modified, the application works correctly and processes the message: public void TraiterMessage (Message mess){ if(mess.natureMessage.equals NouveauFrame(mess)

Let us now take the example of a button. When it is instantiated, as with the frame, a message is sent to the safe machine with the instruction button. The safe machine executes this message as follows

In this case, that is, when the operator clicks the "dummy" button on the safe machine. This click must be sent to the virtual machines. We assume here that an action is associated with each button, which at first glance seems obvious. We therefore create a button