C. Alm, M. Drouineaud, U. Faltin, K. Sohr, and R. Wolf, A classification framework designed for advanced role-based access control models and mechanisms, 2009.

A. Anderson, XACML Profile for Role Based Access Control (RBAC). OASIS Standard, 2004.

D. Basin, J. Doser, and T. Lodderstedt, Model driven security, ACM Transactions on Software Engineering and Methodology, vol.15, issue.1, pp.39-91, 2006.
DOI : 10.1145/1125808.1125810

D. A. Basin, S. J. Burri, and G. Karjoth, Dynamic Enforcement of Abstract Separation of Duty Constraints, Lecture Notes in Computer Science, vol.2, issue.1, pp.250-267, 2009.
DOI : 10.1109/RISP.1990.63851

D. E. Bell and L. J. Lapadula, Secure computer systems: Mathematical foundations and model. reconstructionélectroniquereconstruction´reconstructionélectronique 2547 v2, MITRE Corporation, 1973.

F. David, D. R. Ferraiolo, R. Kuhn, and . Chandramouli, Role-Based Access Control, 2003.

B. Fraikin and M. Frappier, Efficient Symbolic Execution of Large Quantifications in a Process Algebra, ICFEM 2007, pp.327-344, 2007.
DOI : 10.1007/978-3-540-76650-6_19

B. Fraikin and M. Frappier, Efficient symbolic computation of process expressions, Science of Computer Programming, vol.74, issue.9, pp.723-753, 2009.
DOI : 10.1016/j.scico.2009.02.002
URL : http://doi.org/10.1016/j.scico.2009.02.002

M. Frappier, F. Gervais, R. Laleau, B. Fraikin, and R. St-denis, Extending statecharts with process algebra operators, Innovations in Systems and Software Engineering, pp.285-292, 2008.
DOI : 10.1007/978-3-642-18216-7
URL : https://hal.archives-ouvertes.fr/hal-01223276

F. Gervais, M. Frappier, and R. Laleau, Generating relational database transactions from eb 3 attribute definitions, Software & Systems Modeling, vol.18, issue.2, pp.423-445, 2009.
DOI : 10.1017/CBO9781139173018
URL : https://hal.archives-ouvertes.fr/hal-01224655

C. Gutiérrez, E. Fernández-medina, and M. Piattini, Towards a process for web services security, Journal of Research and Practice in Information Technology, vol.38, issue.1, 2006.

C. A. Hoare, Communicating Sequential Processes, 1985.
DOI : 10.1145/357980.358021
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.132.6772

V. Kolovski, J. Hendler, and B. Parsia, Analyzing web access control policies, Proceedings of the 16th international conference on World Wide Web , WWW '07, pp.677-686, 2007.
DOI : 10.1145/1242572.1242664
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.153.7297

P. Konopacki, Synthèse automatique de guarde EB3, 2008.

P. Liu and Z. Chen, An access control model for web services in business process. In WI '04: Proceedings of the, ACM International Conference on Web Intelligence, pp.292-298, 2004.

J. Milhau, B. Fraikin, and M. Frappier, Automatic Generation of Error Messages for the Symbolic Execution of EB 3 Process Expressions, Integrated Formal Methods: 7th International Conference, IFM 2009 Proceedings , volume 5423 de LNCS, pp.337-351, 2009.

R. Sandhu, Transaction control expressions for separation of duties, [Proceedings 1988] Fourth Aerospace Computer Security Applications, pp.282-286, 1988.
DOI : 10.1109/ACSAC.1988.113349

P. Sarbanes and M. Oxley, Sarbanes-oxley act, Public Law, issue.116, pp.107-204, 2002.

K. Emin-gün-sirer and . Wang, An access control language for web services, SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies, pp.23-30, 2002.