, Access control and authorization constraints for ws-bpel Security issues in service composition on Formal Methods for Open Object-Based Distributed Systems Verifying policy-based security for web services An advisor for web services security policies Integrity considerations for secure computers systems, PLAS '07 : Proceedings of the 2007 workshop on Programming languages and analysis for security Proceedings of the IEEE International Conference on Web Services IEEE Computer Society. [BDF06] Massimo Bartoletti, Pierpaolo Degano, Proceedings of FMOODS 2006, 8th IFIP Internat. Conf Proceedings of the 11th ACM conference on Computer and communications security , CCS '04 ACM. [BFG05] Karthikeyan Bhargavan, Cédric Fournet, and Andrew D. Gordon. A semantics for web services authentication Proceedings of the 2005 workshop on Secure web services, SWS '05BL73] D. Bell and L. J. LaPadula. Secure computer systems : Mathematical foundationsBL76] D. E. Bell and L. J. LaPadula. Secure computer system : Unified exposition and multics interpretation. Mtr-2997 ( esd-tr-75-306), MITRE Corp, pp.53-60, 1973.
, GenericWA-RBAC: Role Based Access Control Model for Web Applications, 9th International Conference on Information Technology (ICIT'06), pp.237-240, 2006.
DOI : 10.1109/ICIT.2006.57
, Civitas : Toward a secure voting system. Security and Privacy, IEEE Symposium on, vol.0, pp.354-368, 2008.
, Unraveling the Web services web: an introduction to SOAP, WSDL, and UDDI, IEEE Internet Computing, vol.6, issue.2, pp.86-93, 2002.
DOI : 10.1109/4236.991449
, Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp.463-475, 2007.
DOI : 10.1109/ACSAC.2007.37
, Web Service Composition: A Security Perspective, International Workshop on Challenges in Web Information Retrieval and Integration, pp.248-253, 2005.
DOI : 10.1109/WIRI.2005.36
, Security policies for downgrading, Proceedings of the 11th ACM conference on Computer and communications security , CCS '04, pp.198-209, 2004.
DOI : 10.1145/1030083.1030110
, Cross-tier, labeld-based secuirty enforcement for web applications, Proceedings of the ACM SIGMOD International Conference on Management of Data, 2009.
, Sif : enforcing confidentiality and integrity in web applications, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp.1-1, 2007.
, Certification of programs for secure information flow, Communications of the ACM, vol.20, issue.7, pp.504-513, 1977.
DOI : 10.1145/359636.359712
, A lattice model of secure information flow, Commun . ACM, vol.19, issue.5, pp.236-243, 1976.
, Valérie Viet Triem Tong, and Yves Le Traon. Protection des données utilisateurs dans une orchestration de web-services, 2010.
, Preventing data leakage in service orchestration, 2011 7th International Conference on Information Assurance and Security (IAS), pp.122-127, 2011.
DOI : 10.1109/ISIAS.2011.6122806
URL : https://hal.archives-ouvertes.fr/hal-00657796
, Valérie Viet Triem Tong, and Yves Le Traon. User data confidentiality in an orchestration of web services, International Journal of Information Assurance and Security, 2012.
, Manageable fine-grained information flow, Proceedings of the 3rd ACM SIGOPS/Euro- Sys European Conference on Computer Systems 2008, Eurosys '08, pp.301-313, 2008.
, Labels and event processes in the asbestos operating system, ACM SIGOPS Operating Systems Review, vol.39, issue.5, pp.17-30, 2005.
DOI : 10.1145/1095809.1095813
, Security Policy Enforcement in BPEL-Defined Collaborative Business Processes, 2007 IEEE 23rd International Conference on Data Engineering Workshop, pp.685-694, 2007.
DOI : 10.1109/ICDEW.2007.4401056
, Memoryless subsystems. The computer Journal, pp.143-147, 1974.
, A security model of dynamic labeling providing a tiered approach to verification, Proceedings of the 1996 IEEE conference on Security and privacy, SP'96, pp.142-153, 1996.
, From Early Requirements Analysis towards Secure Workflows, Trust Management : Proceedings of IFIPTM 2007 : Joint iTrust and PST Conferences on Privacy, Trust Management and Security, 2007.
DOI : 10.1007/978-0-387-73655-6_28
, Moving trust out of application programs : A software architecture based on multi-level security virtual machines, 2006.
, Proposed nist standard for rolebased access control, ACM Trans. Inf. Syst. Secur, vol.4, pp.224-274, 2001.
, Automata-based confidentiality monitoring In In ASIAN'06 : the 11th Asian Computing Science Conference on Secure Software Automaton-based non-interference monitoring, 2006.
, Frédéric Tronel, and Valérie Viet Triem Tong Information flow control for intrusion detection derived from mac policy, Proceedings of the 2011 IEEE International Conference on Communications (ICC), p.6, 2011.
, Event-based application of ws-security policy on soap messages, Proceedings of the 2007 ACM workshop on Secure web services , SWS '07, pp.1-8, 2007.
DOI : 10.1145/1314418.1314420
, Security Policies and Security Models, 1982 IEEE Symposium on Security and Privacy, pp.75-86, 1982.
DOI : 10.1109/SP.1982.10014
, From Languages to Systems: Understanding Practical Application Development in Security-typed Languages, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06), pp.153-164, 2006.
DOI : 10.1109/ACSAC.2006.30
, Dynamic Taint Propagation for Java, 21st Annual Computer Security Applications Conference (ACSAC'05), pp.303-311, 2005.
DOI : 10.1109/CSAC.2005.21
, Practical, dynamic information-flow for virtual machines, Programming Language Interference and Dependence (PLID'05), 2005.
, Détection d'intrusion paramétrée par la politique de sécurité grâce au contrôle collaboratif des flux d'informations au sein d'un système d'exploitation et des applications : mise en oeuvre sous Linux pour les programmes Java, 2008.
, A secure workflow model ACSW Frontiers '03 Intransitive noninterference in dependence graphs, Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Leveraging Applications of Formal Methods , Verification and Validation Second International Symposium on, pp.33-41, 2003.
, Policy-based intrusion detection in Web applications by monitoring Java information flows, 2008 Third International Conference on Risks and Security of Internet and Systems, pp.265-279, 2009.
DOI : 10.1109/CRISIS.2008.4757463
URL : https://hal.archives-ouvertes.fr/hal-00448139
, Information Flow Control to Secure Dynamic Web Service Composition, Security in Pervasive ComputingITS91] Critères d'évaluation de la sécurité des systèmes informatiques (itsec ). Office des publications officielles des Communautés européennes, 1991.
DOI : 10.1007/11734666_15
, SOA and web services : New technologies, new standards -new attacks A guide to understanding discretionary access control in trusted systems SOA in practice : The Art of Distributed System Design. O'Reilly An overview of web services security Towards an infrastructure for mls distributed computing, Privacy against the business partner Web Services ECOWS '07. Fifth European Conference onJos07] N. Josuttis Proceedings of the 14th Annual Computer Security Applications Conference, pp.35-4427, 1987.
, A Strategy for an MLS Workflow Management System, Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security : Research Advances in Database and Information Systems Security, pp.161-174, 2000.
DOI : 10.1007/978-0-387-35508-5_11
, A Multilevel Secure Workflow Management System, Proceedings of the 11th International Conference on Advanced Information Systems Engineering, CAiSE '99, pp.271-285, 1999.
DOI : 10.1007/3-540-48738-7_21
, Information flow control for standard os abstractions, Proceedings of twentyfirst ACM SIGOPS symposium on Operating systems principles, SOSP '07 Proc. 5th Princeton Conf. on Information Sciences and Systems, pp.321-334, 1971.
, An access control model for web services in business process IEEE Computer So- ciety. [LC06] Lap Chung Lam and Tzi-cker Chiueh. A general dynamic information flow tracking framework for security applications, Proceedings of the 2004 IEEEACM International Conference on Web Intelligence, WI '04 Proceedings of the 22nd Annual Computer Security Applications Conference, pp.292-298, 2004.
, Fabric, Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles, SOSP '09, pp.321-33462, 2005.
DOI : 10.1145/1629575.1629606
, Web services : What's real and what's not ? IT Professional, pp.14-21, 2005.
, Possible attacks on xml web services, International Journal of Computer Science and Network Security, vol.6, issue.1B, 2006.
, MARV - Data Level Confidentiality Protection in BPEL-Based Web Service Compositions, 2011 Conference on Network and Information Systems Security, 2011.
DOI : 10.1109/SAR-SSI.2011.5931365
, A decentralized model for information flow control, Proc. ACM Symp. on Operating System Principles, pp.129-142, 1997.
, Multilevel security in the UNIX tradition, Software: Practice and Experience, vol.2, issue.8, pp.673-694, 1992.
DOI : 10.1002/spe.4380220805
, Controlling the what and where of declassification in langage-based security, LNCS, vol.4421, pp.141-156, 2007.
, Controlled downgrading based on intransitive (non)interference, Proc. Asian Symp. on Programming Langages and Systems, pp.129-145, 2004.
, Jflow : Practical mostly-static information flow control, Proc. 26th ACM Symp. on Principles of Programming Languages (POPL, pp.228-241, 1999.
, Cross-site scripting prevention with dynamic data tainting and static analysis, Proceeding of the Network and Distributed System Security Symposium (NDSS'07, 2007.
, Semantics With Applications, 1992.
, Xml and web services security standards, Communications Surveys Tutorials IEEE, vol.11, issue.3, pp.4-21, 2009.
, A virtual machine based information flow 146 BIBLIOGRAPHIE control system for policy enforcement
, How bpel and soa are changing web services development, Internet Computing, IEEE, vol.197, issue.1 93, pp.3-1660, 2005.
, Service oriented architectures : approaches, technologies and research issues, The VLDB Journal, vol.16, issue.3, pp.389-415, 2007.
, Secure Workflow Execution in Grid Environments, 2009 3rd International Conference on New Technologies, Mobility and Security, pp.1-5, 2009.
DOI : 10.1109/NTMS.2009.5384709
, Information flow security for service compositions, 2009 International Conference on Ultra Modern Telecommunications & Workshops, pp.1-8, 2009.
DOI : 10.1109/ICUMT.2009.5345455
, Laminar : practical fine-grained decentralized information flow control, Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation, PLDI '09, pp.63-74, 2009.
, Multi-level security for service-oriented architectures, Proceedings of the 2006 IEEE conference on Military communications, MILCOM'06, pp.760-766, 2006.
, Dynamic vs. Static Flow-Sensitive Security Analysis, 2010 23rd IEEE Computer Security Foundations Symposium, pp.186-199, 2010.
DOI : 10.1109/CSF.2010.20
, Architectures orientées services. Une approche pragmatique des SOA. Vuibert, 2007.
, Lattice-based access control models, Computer, vol.26, issue.11, pp.9-19, 1993.
DOI : 10.1109/2.241422
, Information flow control of component-based distributed systems. Concurrency and Computation : Practice and Experience, p.2012
, Enforceable security policies, ACM Transactions on Information and System Security, vol.3, issue.1, pp.30-50, 2000.
DOI : 10.1145/353323.353382
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.147.1853
, Fable : A language for enforcing user-defined security policies The Flow Caml System : documentation and user's manual, Proceedings of the IEEE Symposium on Security and Privacy (Oakland), MAY 2008. [Sim03] Vincent Simonet Institut National de Recherche en Informatique et en Automatique (INRIA), jul 2003. c INRIA
, Language-based information-flow security, Proc. International Symp. on Software Security (ISSS'03), 3233 of LNCS Malware DetectionSOA07] Soap version 1.2 part 1 : Messaging framework, pp.5-19174, 2003.
DOI : 10.1109/JSAC.2002.806121
, From Dynamic to Static and Back: Riding the Roller Coaster of Information-Flow Control Research, Proceedings of the 7th international Andrei Ershov Memorial conference on Perspectives of Systems Informatics, PSI'09, pp.352-365, 2010.
DOI : 10.1007/978-3-642-11486-1_30
, Flexible dynamic information flow control in haskell Declassification : Dimensions and principles Dynamic dependency monitoring to secure information flow Guide to secure web services. recommendations of the national institute of standards and technology Generic security policy transformation framework for ws-security, Proceedings of the 4th ACM symposium on Haskell ACM. [SS07] A. Sabelfeld and D. Sands Proceedings of the 20th IEEE Computer Security Foundations Symposium Web Services ICWS 2007. IEEE International Conference on, pp.95-106, 2007.
, RIFLE: An Architectural Framework for User-Centric Information-Flow Security, 37th International Symposium on Microarchitecture (MICRO-37'04), pp.243-254, 2004.
DOI : 10.1109/MICRO.2004.31
, Why applying standards to web services is not enough. Security Privacy, IEEE, vol.4, issue.4, pp.25-31, 2006.
, Verifying secrets and relative secrecy, Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages , POPL '00, pp.268-276, 2000.
DOI : 10.1145/325694.325729
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.152.7333
, A sound type system for secure flow analysis, Journal of Computer Security, vol.4, issue.2-3, pp.167-187, 1996.
DOI : 10.3233/JCS-1996-42-304
, Provably Correct Runtime Enforcement of Non-interference Properties, ICICS, pp.332-351, 2006.
DOI : 10.1007/11935308_24
, Enforcing distributed data security via web services, Factory Communication Systems Proceedings. 2004 IEEE International Workshop on, pp.397-402, 2004.
, Security controls in the adept-50 time-sharing system, Proceedings of the, pp.69-119, 1969.
, Easy-To-Use Programming Model for Web Services Security, The 2nd IEEE Asia-Pacific Service Computing Conference (APSCC 2007), pp.275-282, 2007.
DOI : 10.1109/APSCC.2007.38
, Deploying and managing Web services: issues, solutions, and directions, The VLDB Journal, vol.30, issue.5, pp.537-572, 2008.
DOI : 10.1007/s00778-006-0020-3
, Dynamic Information Flow Control Architecture for Web Applications, Computer Security ? ESO- RICS 2007, 2007.
DOI : 10.1007/978-3-540-74835-9_18
, SEWSEC: A Secure Web Service Composer using Information Flow Control, 2011 6th International Conference on Risks and Security of Internet and Systems (CRiSIS), pp.1-8, 2011.
DOI : 10.1109/CRiSIS.2011.6061842
, Making information flow explicit in HiStar, Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation, pp.19-19, 2006.
DOI : 10.1145/2018396.2018419
, Dynamic security labels and static information flow control, International Journal of Information Security, vol.15, issue.2???3, pp.67-84, 2007.
DOI : 10.1007/s10207-007-0019-9
, Experimenting with a policy-based HIDS based on an information flow control model, 19th Annual Computer Security Applications Conference, 2003. Proceedings., 2003.
DOI : 10.1109/CSAC.2003.1254341