, on ne donne ici que les paires de mécanismes incompatibles (aux niveaux système et réseau) et dépendants. Les paires non-spécifiées sont considérées compatibles et indépendantes. Les mécanismes incompatibles au niveau système FileWEB 11 o /etc/httpd/logs LogWEB 12, p.13
, lignes 1 à 10) contient le résultat de l'accès à la VM apache-see-1 (VM Apache du premier triplet) par l'utilisateur user depuis la VM client-1 (VM Client du premier triplet) Cet accès est autorisé par la politique et STATE, pp.22-80
, Computer security threat monitoring and surveillance . Rapport technique, 1980.
, Web services agreement specification (ws-agreement) In Open Grid Forum, p.216, 2007.
, A view of cloud computing, Communications of the ACM, vol.53, issue.4, pp.50-58, 2010.
DOI : 10.1145/1721654.1721672
, A-PPL: An Accountability Policy Language, Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance, pp.319-326, 2015.
DOI : 10.1007/978-3-319-17016-9_21
, Trusted platform module (tpm) based security on notebook pcs-white paper. Mobile Platforms Group Intel Corporation, pp.1-20, 2002.
, Autonomic personal computing, IBM Systems Journal, vol.42, issue.1, pp.165-176, 2003.
DOI : 10.1147/sj.421.0165
, Xen and the art of virtualization, ACM SIGOPS Operating Systems Review, vol.37, issue.5, pp.164-177, 2003.
DOI : 10.1145/1165389.945462
, Collaborative remediation of configuration vulnerabilities in autonomic networks and systems, Proceedings of the 8th International Conference on Network and Service Management International Federation for Information Processing, pp.357-363, 2012.
, Towards the assessment of distributed vulnerabilities in autonomic networks and systems, 2012 IEEE Network Operations and Management Symposium, pp.335-342, 2012.
DOI : 10.1109/NOMS.2012.6211916
, The Public Cloud Market Is Now In Hypergrowth -Sizing The Public Cloud Market, 2014.
, Paranoid penguin : an introduction to novell apparmor Secure computer systems : Mathematical foundations, Linux Journal, issue.148, 1973.
, Qemu, a fast and portable dynamic translator, USENIX Annual Technical Conference, FREENIX Track, pp.41-46, 2005.
, Security SLAs for Federated Cloud Services, 2011 Sixth International Conference on Availability, Reliability and Security, pp.202-209, 2011.
DOI : 10.1109/ARES.2011.34
, Integrity considerations for secure computer systems, 1977.
, ABLE: A toolkit for building multiagent autonomic systems, IBM Systems Journal, vol.41, issue.3, pp.41350-371, 2002.
DOI : 10.1147/sj.413.0350
, An autonomic cloud management system for enforcing security and assurance properties An advanced security-aware cloud architecture, Proceedings of the 2015 Workshop on Changing Landscapes in HPC Security High Performance Computing & Simulation (HPCS), 2014 International Conference on, pp.1-8, 2014.
, A practical alternative to hierarchical integrity policies, NIST SPECIAL PUBLICATION SP, p.10, 1989.
, From Autonomic to Self-Self Behaviors, Utility and Cloud Computing (UCC) IEEE/ACM 8th International Conference on, p.28, 2011.
DOI : 10.1145/2019591.2019597
URL : https://hal.archives-ouvertes.fr/hal-00949563
, Mandatory access control for the android dalvik virtual machine ESOS : Workshop on Embedded Self-Organizing Systems An autonomous cloud management system for in-depth security OSSEC host-based intrusion detection guide, 2013-USENIX Federated Conferences Cloud Networking (CloudNet), 2014 IEEE 3rd International Conference on, pp.368-374, 2008.
, Formalization and guaranty of system security properties : application to the detection of intrusions, 2007.
URL : https://hal.archives-ouvertes.fr/tel-00261613
, Electronic authentication guideline : Recommendations of the national institute of standards and technology, pp.800-63, 2013.
, Market-Oriented Cloud Computing: Vision, Hype, and Reality for Delivering IT Services as Computing Utilities, 2008 10th IEEE International Conference on High Performance Computing and Communications, pp.5-13, 2008.
DOI : 10.1109/HPCC.2008.172
, The architecture of vmware esxi, VMware White Paper, vol.1, p.7, 2008.
, Self-protection for distributed component-based applications Apache cloudstack : Open source cloud computing, Stabilization, Safety, and Security of Distributed Systems, pp.184-198, 2006.
, Google Apps : The Missing Manual : The Missing Manual, 2008.
, Merkat: A Market-Based SLO-Driven Cloud Platform, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science, pp.403-410, 2013.
DOI : 10.1109/CloudCom.2013.59
URL : https://hal.archives-ouvertes.fr/hal-00862509
, A language for specifying security and management policies for distributed systems, 2000.
, Department of Computing
, Self-managing systems : A control theory foundation, Engineering of Computer-Based Systems, 2005. ECBS'05. 12th IEEE International Conference and Workshops on the, pp.441-448, 2005.
, An agent based business aware incident detection system for cloud environments, Journal of Cloud Computing: Advances, Systems and Applications, vol.1, issue.1, pp.1-19, 2012.
DOI : 10.1007/s11623-011-0059-1
, OpenVPN : Building and integrating virtual private networks, 2006.
, Multi-agent systems : an introduction to distributed artificial intelligence, 1999.
, Role-based access control, 15th NIST-NCSC National Computer Security Conference, 1992.
, Cloud Foundry, 2015.
, Architecture of virtual machines, Proceedings of the workshop on virtual computer systems, pp.74-112, 1973.
, Intel trusted execution technology, 2012.
, Virtualization with kvm, Linux Journal, issue.166, p.8, 2008.
, Task oriented management obviates your onus on linux, Linux Conference, 2004.
, Protection in operating systems, Communications of the ACM, vol.19, issue.8, pp.461-471, 1976.
DOI : 10.1145/360303.360333
, Cloudaudit 1.0 -Automated Audit, Assertion, Assessment, and Assurance API (A6) Internet Engineering Task Force, 2010.
, Autonomic computing : Ibm\'s perspective on the state of information technology, 2001.
, Guide to attribute based access control (abac) definition and considerations, NIST Special Publication, vol.800, p.162, 2014.
DOI : 10.6028/NIST.SP.800-162
, Conformance Checking of Access Control Policies Specified in XACML, 31st Annual International Computer Software and Applications Conference, Vol. 2, (COMPSAC 2007), pp.275-280, 2007.
DOI : 10.1109/COMPSAC.2007.96
, A survey of autonomic computing???degrees, models, and applications, ACM Computing Surveys, vol.40, issue.3, p.407, 2008.
DOI : 10.1145/1380584.1380585
, ISO27002 : Information technology ? Security techniques ? Code of practice for information security controls, 2013.
, On agent-based software engineering, Artificial Intelligence, vol.117, issue.2, pp.277-296, 2000.
DOI : 10.1016/S0004-3702(99)00107-1
, Organization based access control, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks, pp.120-131, 2003.
DOI : 10.1109/POLICY.2003.1206966
URL : https://hal.archives-ouvertes.fr/hal-01483818
, Jails : Confining the omnipotent root, Proceedings of the 2nd International SANE Conference, p.116, 2000.
, Reducibility among combinatorial problems, 1972.
DOI : 10.1007/978-3-540-68279-0_8
, SLA★: An abstract syntax for Service Level Agreements, 2010 11th IEEE/ACM International Conference on Grid Computing, pp.217-224, 2010.
DOI : 10.1109/GRID.2010.5697973
, The vision of autonomic computing, Computer, vol.36, issue.1, pp.41-50, 2003.
DOI : 10.1109/MC.2003.1160055
, The MEERKATS Cloud Security Architecture, 2012 32nd International Conference on Distributed Computing Systems Workshops, pp.446-450, 2012.
DOI : 10.1109/ICDCSW.2012.42
, kvm : the linux virtual machine monitor, Proceedings of the Linux Symposium, pp.225-230, 2007.
, Virtualization in linux, 2006.
, Google Compute Engine, Building Your Next Big Thing with Google Cloud Platform, pp.53-81, 2015.
DOI : 10.1007/978-1-4842-1004-8_4
, Towards a fault-tolerant multi-agent system architecture, Proceedings of the fourth international conference on Autonomous agents , AGENTS '00, pp.459-466, 2000.
DOI : 10.1145/336595.337570
, Protection, Proc. 5th Princeton Conf. on Information Sciences and Systems, pp.18-24, 1971.
DOI : 10.1145/775265.775268
, Dynamic protection structures, Proceedings of the November 18-20, 1969, fall joint computer conference on, AFIPS '69 (Fall), pp.27-38, 1969.
DOI : 10.1145/1478559.1478563
, A note on the confinement problem, Communications of the ACM, vol.16, issue.10, pp.613-615, 1973.
DOI : 10.1145/362375.362389
, Security-Aware Models for Clouds, ACM Symposium on High-Performance Parallel and Distributed Computing, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00840734
, Security for cloud environment through information flow properties formalization with a first-order temporal logic, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00916882
, The inevitability of failure : The flawed assumption of security in modern computing environments, Proceedings of the 21st National Information Systems Security Conference, pp.303-314, 1998.
, Web service level agreement (wsla) language specification. IBM Corporation, pp.815-824, 2003.
, The nist definition of cloud com- puting, 2011.
, Docker : lightweight linux containers for consistent development and deployment, Linux Journal, issue.2392, p.2014, 2014.
, Microsoft azure. https://azure.microsoft. com/. [Miner et Athey FCGlob : A New SELinux File Context Syntax, Proceedings of the Third Annual Security Enhanced Linux Sympo- sium, 2007.
, The State of SELinux, 2015.
, IaaS Cloud Architecture: From Virtualized Datacenters to Federated Cloud Infrastructures, Computer, vol.45, issue.12, pp.65-72, 2012.
DOI : 10.1109/MC.2012.76
, svirt : Hardening linux virtualization with mandatory access control, Linux. conf. au Conference, 2009.
, Extensible access control markup language (xacml) version 2.0. Oasis Standard, 2005.
, Microsoft Office 365 : Connect and collaborate virtually anywhere, anytime, 2011.
, Kerberos : An authentication service for computer networks, Communications Magazine, issue.9, pp.3233-3271, 1994.
, The Eucalyptus Open-Source Cloud-Computing System, 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid, pp.124-131, 2009.
DOI : 10.1109/CCGRID.2009.93
, OpenStack Juno. https://www.openstack. org/software A new algorithm for the maximum-weight clique problem, Nordic Journal of Computing, vol.8, issue.4, pp.424-436, 2001.
, Accountability for cloud and other future Internet services, 4th IEEE International Conference on Cloud Computing Technology and Science Proceedings, pp.629-632, 2012.
DOI : 10.1109/CloudCom.2012.6427512
URL : https://hal.archives-ouvertes.fr/hal-00778369
, Deploying openstack, 2011.
, vtpm : virtualizing the trusted platform module, Proc. 15th Conf. on USENIX Security Symposium, pp.305-320, 2006.
, Formal requirements for virtualizable third generation architectures, Communications of the ACM, vol.17, issue.7, pp.412-421, 1974.
DOI : 10.1145/361011.361073
, Implementing largescale autonomic server monitoring using process query systems, Autonomic Computing , 2005. ICAC 2005. Proceedings. Second International Conference on, pp.123-133, 2005.
DOI : 10.1109/icac.2005.34
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.98.2677
, Linux netfilter hacking howto Dispon?vel em http ://www. netfilter. org/documentation, 2002.
, Virtualization: A Survey on Concepts, Taxonomy and Associated Security Issues, 2010 Second International Conference on Computer and Network Technology, pp.222-226, 2010.
DOI : 10.1109/ICCNT.2010.49
, Unified login with pluggable authentication modules (PAM), Proceedings of the 3rd ACM conference on Computer and communications security , CCS '96, pp.1-10, 1996.
DOI : 10.1145/238168.238177
, The NIST model for role-based access control, Proceedings of the fifth ACM workshop on Role-based access control , RBAC '00, 2000.
DOI : 10.1145/344287.344301
, The schematic protection model: its definition and analysis for acyclic attenuating schemes, Journal of the ACM, vol.35, issue.2, pp.404-432, 1988.
DOI : 10.1145/42282.42286
, The typed access matrix model, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp.122-136, 1992.
DOI : 10.1109/RISP.1992.213266
, Role-based access control models, Computer, vol.29, issue.2, pp.38-47, 1996.
DOI : 10.1109/2.485845
, Exploiting architectural design knowledge to support self-repairing systems, Proceedings of the 14th international conference on Software engineering and knowledge engineering , SEKE '02, pp.241-248, 2002.
DOI : 10.1145/568760.568804
, Implementing selinux as a linux security module, NAI Labs Report, vol.1, issue.43, p.139, 2001.
, Virtual machines : versatile platforms for systems and processes, 2005.
, The architecture of virtual machines, Computer, vol.38, issue.5, pp.32-38, 2005.
DOI : 10.1109/MC.2005.173
, The dynamictyped access matrix model and decidability of the safety problem, IEICE transactions on fundamentals of electronics, communications and computer sciences, vol.87, issue.1, pp.190-203, 2004.
, The flask security architecture : System support for diverse policies, Proceedings of the Eighth USENIX Security Symposium, 1999.
, Detection, prevention, and containment : A study of grsecurity, Libre Software Meeting, 2002.
, Incits 359-2004, ANSI INCITS, pp.359-2004, 2004.
, PACT: Personal Autonomic Computing Tools, 12th IEEE International Conference and Workshops on the Engineering of Computer-Based Systems (ECBS'05), pp.519-527, 2005.
DOI : 10.1109/ECBS.2005.54
URL : http://uir.ulster.ac.uk/8199/1/2005-04-ECBS-PACT_personal_autonomic_computing_tools.pdf
, Underlying technical models for information technology security : recommendation of the National Institute of Standards and Technology, 2001.
DOI : 10.6028/NIST.SP.800-33
, Focale : A novel autonomic networking architecture, 2006.
, The Design of a New Context-Aware Policy Model for Autonomic Networking, 2008 International Conference on Autonomic Computing, pp.119-128, 2008.
DOI : 10.1109/ICAC.2008.36
, The Tree-to-Tree Correction Problem, Journal of the ACM, vol.26, issue.3, pp.422-433, 1979.
DOI : 10.1145/322139.322143
, Trusted computer system evaluation criteria. DoD 5200, p.28, 1985.
, Introduction to the TPM, Smart Cards, Tokens, Security and Applications, pp.155-172, 2008.
DOI : 10.1007/978-0-387-72198-9_7
, Ponder2 : A policy system for autonomous pervasive environments, Autonomic and Autonomous Systems ICAS'09. Fifth International Conference on, pp.330-335, 2009.
, A break in the clouds, ACM SIGCOMM Computer Communication Review, vol.39, issue.1, pp.50-55, 2008.
DOI : 10.1145/1496091.1496100
, Microsoft virtualization with Hyper- V, 2009.
, Security Enhanced Java: Mandatory Access Control for the Java Virtual Machine, 16th IEEE International Symposium on Object/component/service-oriented Real-time distributed Computing (ISORC 2013), pp.1-7, 2013.
DOI : 10.1109/ISORC.2013.6913208
URL : https://hal.archives-ouvertes.fr/hal-00840729
, Network Security with OpenSSL : Cryptography for Secure Communications, 2002.
, VESPA, Proceedings of the 9th international conference on Autonomic computing, ICAC '12, pp.155-160, 2012.
DOI : 10.1145/2371536.2371564
URL : https://hal.archives-ouvertes.fr/hal-00738174
, tcpdump advanced filters, 2013.
, The technical specification for the Security Content Automation Protocol (SCAP), p.126, 2011.
, Specification for the extensible configuration checklist description format (xccdf) version 1, 2011.
DOI : 10.6028/NIST.IR.7275r4
, Service Level Agreement (SLA) in Utility Computing Systems, 2012.
DOI : 10.4018/978-1-60960-794-4.ch001
, Service level agreement in the data center, 2002.
, Towards autonomic virtual applications in the in-vigo system, Autonomic Computing, 2005. ICAC 2005. Proceedings. Second International Conference on, pp.15-26, 2005.
, The secure shell (ssh) connection protocol, 2006.
, Google app engine, 2009.
, Cloud computing: state-of-the-art and research challenges, Journal of Internet Services and Applications, vol.33, issue.4, pp.7-18, 2010.
DOI : 10.1007/s13174-010-0007-6