13 ? Diagramme de séquence utilisé pour l'orchestration des composantes du profil OrBAC Bibliographie [1] An extended RBAC profile of XACML, Proceedings of the 3rd ACM workshop on Secure web services, SWS '06, pp.13-22, 2006. ,
The B-Book : Assigning Programs to Meanings, 1996. ,
Modeling in Event-B : System and Software Engineering, 2009. ,
A constraint based role based access control in the SECTET a model-driven approach, 2006. ,
A Classification Framework Designed for Advanced Role-based Access Control Models and Mechanisms, 2009. ,
Profile for Role Based Access Control (RBAC) . OASIS Standard, 2004. ,
Model driven security, ACM Transactions on Software Engineering and Methodology, vol.15, issue.1, pp.39-91, 2006. ,
DOI : 10.1145/1125808.1125810
Specifying and analyzing security automata using CSP-OZ, Proceedings of the 2nd ACM symposium on Information, computer and communications security, ASIACCS '07, pp.70-81, 2007. ,
Dynamic Enforcement of Abstract Separation of Duty Constraints, ESORICS Lecture Notes in Computer Science, vol.2, issue.1, pp.250-267, 2009. ,
DOI : 10.1145/300830.300837
Secure Computer Systems : Mathematical Foundations and Model, pp.74-24442, 1973. ,
La composition des protocoles de sécurité avec la méthode B ´ evénementielle, Thèse de doctorat, Laboratoire Lorrain de Recherche en Informatique et ses Applications, 2010. ,
TRBAC : A temporal rolebased access control model, ACM Trans. Inf. Syst. Secur, vol.4, pp.191-233, 2001. ,
A logical framework for reasoning about access control models, Proceedings of the sixth ACM symposium on Access control models and technologies, SACMAT '01, pp.41-52, 2001. ,
Introduction to the ISO specification language LOTOS, Comput. Netw. ISDN Syst, vol.14, issue.1, pp.25-59, 1987. ,
Reasoning about XACML policies using CSP, Proceedings of the 2005 workshop on Secure web services, SWS '05, pp.28-35, 2005. ,
Analyzing consistency of security policies, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097), pp.103-112, 1997. ,
DOI : 10.1109/SECPRI.1997.601324
A Comparison of Commercial and Military Computer Security Policies . Security and Privacy, IEEE Symposium on, p.184, 1987. ,
XACML and role-based access control, Presentation at DIMACS Workshop on Security of Web Services and e-Commerce, p.174, 2005. ,
MotOrBAC : un outil d'administration et de simulation de politiques de sécurité, Security in Network Architectures (SAR) and Security of Information Systems (SSI), First Joint Conference, 2006. ,
A methodology for secure software design . Dans Procs, Int. Conf. on Software Engineering Research and Practice, pp.21-24, 2004. ,
Role-Based Access Control, 2003. ,
Efficient Symbolic Execution of Large Quantifications in a Process Algebra, LNCS, vol.4789, pp.327-344, 2007. ,
DOI : 10.1007/978-3-540-76650-6_19
Efficient Symbolic Computation of Process Expressions, Science of Computer Programming, vol.74, issue.9, pp.723-753, 2009. ,
Synthesizing Information Systems : the APIS Project, First International Conference on Research Challenges in Information Science, pp.73-84, 2007. ,
URL : https://hal.archives-ouvertes.fr/hal-01125305
Extending statecharts with process algebra operators, Innovations in Systems and Software Engineering, pp.285-292, 2008. ,
DOI : 10.1007/s11334-008-0064-1
URL : https://hal.archives-ouvertes.fr/hal-01223276
EB 3 : an entity-based black-box specification method for information systems, Software and System Modeling, pp.134-149, 2003. ,
Generating relational database transactions from eb 3 attribute definitions, Software & Systems Modeling, vol.18, issue.2, pp.423-445, 2009. ,
DOI : 10.1007/s10270-008-0104-1
URL : https://hal.archives-ouvertes.fr/hal-01224655
Model-Checking Access Control Policies ,
PWSSec: Process for Web Services Security, 2006 IEEE International Conference on Web Services (ICWS'06), pp.213-222, 2006. ,
DOI : 10.1109/ICWS.2006.107
Towards a Process for Web Services Security, Journal of Research and Practice in Information Technology, vol.38, issue.1, 2006. ,
Protection in operating systems, Communications of the ACM, vol.19, issue.8, pp.461-471, 1976. ,
DOI : 10.1145/360303.360333
Specifying Access Control in Event-B, 2009. ,
Communicating sequential processes, Communications of the ACM, vol.21, issue.8, pp.666-677, 1978. ,
DOI : 10.1145/359576.359585
Security in a Web Services World : A Proposed Architecture and Roadmap Version 1.0 . IBM, Microsoft, 2002. ,
Flexible support for multiple access control policies, ACM Trans. Database Syst, vol.26, pp.214-260, 2001. ,
Temporal hierarchies and inheritance semantics for GTRBAC, Proceedings of the seventh ACM symposium on Access control models and technologies, SACMAT '02, pp.74-83, 2002. ,
Modèles et politiques de sécurité pour les domaines de la santé et des affaires sociales, Thèse de doctorat, Laboratoire d'Analyse et d Architecture des Systèmes du Centre National de la Recherche Scientifique, 2003. ,
Organization based access control, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY '03, pp.120-130 ,
URL : https://hal.archives-ouvertes.fr/hal-01483818
From Formal Access Control Policies to Runtime Enforcement Aspects, Proceedings of the 1st International Symposium on Engineering Secure Software and Systems, ESSoS '09, pp.16-31, 2009. ,
Analyzing web access control policies, Proceedings of the 16th international conference on World Wide Web, pp.677-686, 2007. ,
Synthèse automatique de gardes EB3, 2008. ,
Expressing Access Control Policies with an Event-Based Approach Advanced Information Systems Engineering Workshops, Lecture Notes in Business Information Processing, vol.83, pp.607-621, 2011. ,
Taking into Account Functional Models in the Validation of IS Security Policies, 1st International Workshop on Information Systems Security Engineering (WISSE) host by CAISE, 2011. ,
Validation of security policies by the animation of Z specifications, pp.155-164, 2011. ,
Beyond separation of duty : An algebra for specifying highlevel security policies, J. ACM, vol.55, issue.3, pp.1-46, 2008. ,
SecureUML : A UML-Based Modeling Language for Model-Driven Security, Proceedings of the 5th International Conference on The Unified Modeling Language, UML '02, pp.426-441, 2002. ,
Access Control Policies : Modeling and Validation, NOTERE, pp.85-91, 2005. ,
Définition d'un environnement formel d'expression de politiques de sécurité. Modèle Or-BAC et extensions, Thèse de doctorat, 2005. ,
Automatic Generation of Error Messages for the Symbolic Execution of EB 3 Process Expressions, 7th International Conference, IFM 2009 Proceedings, volume 5423 de LNCS, pp.337-351, 2009. ,
Combining UML, ASTD and B for the formal specification of an access control filter, Innovations in Systems and Software Engineering, pp.303-313, 2011. ,
DOI : 10.1007/s11334-011-0166-z
URL : https://hal.archives-ouvertes.fr/hal-00860798
Web Services Security : SOAP Message Security 1.1 (WS-Security OASIS Standard, 2004. ,
An obligation model bridging access control policies and privacy policies, Proceedings of the 13th ACM symposium on Access control models and technologies, SACMAT '08, pp.133-142, 2008. ,
Towards usage control models : beyond traditional access control, Proceedings of the seventh ACM symposium on Access control models and technologies, SACMAT '02, pp.57-64, 2002. ,
An algebra for fine-grained integration of XACML policies, pp.63-72, 2009. ,
Using uml to visualize rolebased access control constraints, Proceedings of the ninth ACM symposium on Access control models and technologies, SACMAT '04, pp.115-124, 2004. ,
Système d'information et management des organisations, Vuibert, 1998. ,
A CSP formulation of noninterference, European Symposium on Research in Computer Security, pp.33-35 ,
Transaction control expressions for separation of duties, [Proceedings 1988] Fourth Aerospace Computer Security Applications, pp.282-286, 1988. ,
DOI : 10.1109/ACSAC.1988.113349
Role-based access control models, Computer, vol.29, issue.2, pp.38-47, 1996. ,
DOI : 10.1109/2.485845
Sarbanes-Oxley Act, Public Law, issue.116, pp.107-204, 2002. ,
A lightweight approach to specification and analysis of role-based access control extensions, Proceedings of the seventh ACM symposium on Access control models and technologies, SACMAT '02, pp.13-22, 2002. ,
Web Services Policy Framework (WSPolicy) Version 1.2, 2006. ,
An access control language for web services, SACMAT '02 : Proceedings of the seventh ACM symposium on Access control models and technologies, pp.23-30, 2002. ,
Note explicative concernant la la fraude exceptionnelle, 2008. ,
Analyzing and Managing Role-Based Access Control Policies, IEEE Transactions on Knowledge and Data Engineering, vol.20, pp.924-939, 2008. ,
The Z notation : a reference manual, 1992. ,
Team-based access control (TMAC) : a primitive for applying rolebased access controls in collaborative environments, Proceedings of the second ACM workshop on Role-based access control, RBAC '97, pp.13-19, 1997. ,
W-RBAC ??? A Workflow Security Model Incorporating Controlled Overriding of Constraints, International Journal of Cooperative Information Systems, vol.12, issue.04, pp.455-486, 2003. ,
DOI : 10.1142/S0218843003000814
Applying Model Driven Architecture approach to Model Role Based Access Control System Mémoire de ma??trisema??trise A Verifiable Formal Specification for RBAC Model with Constraints of Separation of Duty, 2006. ,
Attributed Based Access Control (ABAC) for Web Services ,
RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis, Proceedings of the 8th ACM symposium on Access control models and technologies, SACMAT '03, 2003. ,
Synthesising verified access control systems in XACML, Proceedings of the 2004 ACM workshop on Formal methods in security engineering, pp.56-65, 2004. ,