, 13 ? Diagramme de séquence utilisé pour l'orchestration des composantes du profil OrBAC Bibliographie [1] An extended RBAC profile of XACML, Proceedings of the 3rd ACM workshop on Secure web services, SWS '06, pp.13-22, 2006.
, The B-Book : Assigning Programs to Meanings, 1996.
, Modeling in Event-B : System and Software Engineering, 2009.
, A constraint based role based access control in the SECTET a model-driven approach, 2006.
, A Classification Framework Designed for Advanced Role-based Access Control Models and Mechanisms, 2009.
, Profile for Role Based Access Control (RBAC) . OASIS Standard, 2004.
, Model driven security, ACM Transactions on Software Engineering and Methodology, vol.15, issue.1, pp.39-91, 2006.
DOI : 10.1145/1125808.1125810
, Specifying and analyzing security automata using CSP-OZ, Proceedings of the 2nd ACM symposium on Information, computer and communications security, ASIACCS '07, pp.70-81, 2007.
, Dynamic Enforcement of Abstract Separation of Duty Constraints, ESORICS Lecture Notes in Computer Science, vol.2, issue.1, pp.250-267, 2009.
DOI : 10.1145/300830.300837
, Secure Computer Systems : Mathematical Foundations and Model, pp.74-24442, 1973.
, La composition des protocoles de sécurité avec la méthode B ´ evénementielle, Thèse de doctorat, Laboratoire Lorrain de Recherche en Informatique et ses Applications, 2010.
, TRBAC : A temporal rolebased access control model, ACM Trans. Inf. Syst. Secur, vol.4, pp.191-233, 2001.
, A logical framework for reasoning about access control models, Proceedings of the sixth ACM symposium on Access control models and technologies, SACMAT '01, pp.41-52, 2001.
, Introduction to the ISO specification language LOTOS, Comput. Netw. ISDN Syst, vol.14, issue.1, pp.25-59, 1987.
, Reasoning about XACML policies using CSP, Proceedings of the 2005 workshop on Secure web services, SWS '05, pp.28-35, 2005.
, Analyzing consistency of security policies, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097), pp.103-112, 1997.
DOI : 10.1109/SECPRI.1997.601324
, A Comparison of Commercial and Military Computer Security Policies . Security and Privacy, IEEE Symposium on, p.184, 1987.
, XACML and role-based access control, Presentation at DIMACS Workshop on Security of Web Services and e-Commerce, p.174, 2005.
, MotOrBAC : un outil d'administration et de simulation de politiques de sécurité, Security in Network Architectures (SAR) and Security of Information Systems (SSI), First Joint Conference, 2006.
, A methodology for secure software design . Dans Procs, Int. Conf. on Software Engineering Research and Practice, pp.21-24, 2004.
, Role-Based Access Control, 2003.
, Efficient Symbolic Execution of Large Quantifications in a Process Algebra, LNCS, vol.4789, pp.327-344, 2007.
DOI : 10.1007/978-3-540-76650-6_19
, Efficient Symbolic Computation of Process Expressions, Science of Computer Programming, vol.74, issue.9, pp.723-753, 2009.
, Synthesizing Information Systems : the APIS Project, First International Conference on Research Challenges in Information Science, pp.73-84, 2007.
URL : https://hal.archives-ouvertes.fr/hal-01125305
, Extending statecharts with process algebra operators, Innovations in Systems and Software Engineering, pp.285-292, 2008.
DOI : 10.1007/s11334-008-0064-1
URL : https://hal.archives-ouvertes.fr/hal-01223276
, EB 3 : an entity-based black-box specification method for information systems, Software and System Modeling, pp.134-149, 2003.
, Generating relational database transactions from eb 3 attribute definitions, Software & Systems Modeling, vol.18, issue.2, pp.423-445, 2009.
DOI : 10.1007/s10270-008-0104-1
URL : https://hal.archives-ouvertes.fr/hal-01224655
, Model-Checking Access Control Policies
, PWSSec: Process for Web Services Security, 2006 IEEE International Conference on Web Services (ICWS'06), pp.213-222, 2006.
DOI : 10.1109/ICWS.2006.107
, Towards a Process for Web Services Security, Journal of Research and Practice in Information Technology, vol.38, issue.1, 2006.
, Protection in operating systems, Communications of the ACM, vol.19, issue.8, pp.461-471, 1976.
DOI : 10.1145/360303.360333
, Specifying Access Control in Event-B, 2009.
, Communicating sequential processes, Communications of the ACM, vol.21, issue.8, pp.666-677, 1978.
DOI : 10.1145/359576.359585
, Security in a Web Services World : A Proposed Architecture and Roadmap Version 1.0 . IBM, Microsoft, 2002.
, Flexible support for multiple access control policies, ACM Trans. Database Syst, vol.26, pp.214-260, 2001.
, Temporal hierarchies and inheritance semantics for GTRBAC, Proceedings of the seventh ACM symposium on Access control models and technologies, SACMAT '02, pp.74-83, 2002.
, Modèles et politiques de sécurité pour les domaines de la santé et des affaires sociales, Thèse de doctorat, Laboratoire d'Analyse et d Architecture des Systèmes du Centre National de la Recherche Scientifique, 2003.
, Organization based access control, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY '03, pp.120-130
URL : https://hal.archives-ouvertes.fr/hal-01483818
, From Formal Access Control Policies to Runtime Enforcement Aspects, Proceedings of the 1st International Symposium on Engineering Secure Software and Systems, ESSoS '09, pp.16-31, 2009.
, Analyzing web access control policies, Proceedings of the 16th international conference on World Wide Web, pp.677-686, 2007.
, Synthèse automatique de gardes EB3, 2008.
, Expressing Access Control Policies with an Event-Based Approach Advanced Information Systems Engineering Workshops, Lecture Notes in Business Information Processing, vol.83, pp.607-621, 2011.
, Taking into Account Functional Models in the Validation of IS Security Policies, 1st International Workshop on Information Systems Security Engineering (WISSE) host by CAISE, 2011.
, Validation of security policies by the animation of Z specifications, pp.155-164, 2011.
, Beyond separation of duty : An algebra for specifying highlevel security policies, J. ACM, vol.55, issue.3, pp.1-46, 2008.
, SecureUML : A UML-Based Modeling Language for Model-Driven Security, Proceedings of the 5th International Conference on The Unified Modeling Language, UML '02, pp.426-441, 2002.
, Access Control Policies : Modeling and Validation, NOTERE, pp.85-91, 2005.
, Définition d'un environnement formel d'expression de politiques de sécurité. Modèle Or-BAC et extensions, Thèse de doctorat, 2005.
, Automatic Generation of Error Messages for the Symbolic Execution of EB 3 Process Expressions, 7th International Conference, IFM 2009 Proceedings, volume 5423 de LNCS, pp.337-351, 2009.
, Combining UML, ASTD and B for the formal specification of an access control filter, Innovations in Systems and Software Engineering, pp.303-313, 2011.
DOI : 10.1007/s11334-011-0166-z
URL : https://hal.archives-ouvertes.fr/hal-00860798
, Web Services Security : SOAP Message Security 1.1 (WS-Security OASIS Standard, 2004.
, An obligation model bridging access control policies and privacy policies, Proceedings of the 13th ACM symposium on Access control models and technologies, SACMAT '08, pp.133-142, 2008.
, Towards usage control models : beyond traditional access control, Proceedings of the seventh ACM symposium on Access control models and technologies, SACMAT '02, pp.57-64, 2002.
, An algebra for fine-grained integration of XACML policies, pp.63-72, 2009.
, Using uml to visualize rolebased access control constraints, Proceedings of the ninth ACM symposium on Access control models and technologies, SACMAT '04, pp.115-124, 2004.
, Système d'information et management des organisations, Vuibert, 1998.
, A CSP formulation of noninterference, European Symposium on Research in Computer Security, pp.33-35
, Transaction control expressions for separation of duties, [Proceedings 1988] Fourth Aerospace Computer Security Applications, pp.282-286, 1988.
DOI : 10.1109/ACSAC.1988.113349
, Role-based access control models, Computer, vol.29, issue.2, pp.38-47, 1996.
DOI : 10.1109/2.485845
, Sarbanes-Oxley Act, Public Law, issue.116, pp.107-204, 2002.
, A lightweight approach to specification and analysis of role-based access control extensions, Proceedings of the seventh ACM symposium on Access control models and technologies, SACMAT '02, pp.13-22, 2002.
, Web Services Policy Framework (WSPolicy) Version 1.2, 2006.
, An access control language for web services, SACMAT '02 : Proceedings of the seventh ACM symposium on Access control models and technologies, pp.23-30, 2002.
, Note explicative concernant la la fraude exceptionnelle, 2008.
, Analyzing and Managing Role-Based Access Control Policies, IEEE Transactions on Knowledge and Data Engineering, vol.20, pp.924-939, 2008.
, The Z notation : a reference manual, 1992.
, Team-based access control (TMAC) : a primitive for applying rolebased access controls in collaborative environments, Proceedings of the second ACM workshop on Role-based access control, RBAC '97, pp.13-19, 1997.
, W-RBAC ??? A Workflow Security Model Incorporating Controlled Overriding of Constraints, International Journal of Cooperative Information Systems, vol.12, issue.04, pp.455-486, 2003.
DOI : 10.1142/S0218843003000814
, Applying Model Driven Architecture approach to Model Role Based Access Control System Mémoire de ma??trisema??trise A Verifiable Formal Specification for RBAC Model with Constraints of Separation of Duty, 2006.
, Attributed Based Access Control (ABAC) for Web Services
, RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis, Proceedings of the 8th ACM symposium on Access control models and technologies, SACMAT '03, 2003.
, Synthesising verified access control systems in XACML, Proceedings of the 2004 ACM workshop on Formal methods in security engineering, pp.56-65, 2004.