Access control software must be based on a security policy model as software flaws often come from a lack of precision or some incoherences in the policy model. In this paper, we introduce an abstract framework allowing to define access control policies, in a very concise way, offering to refine specifications through several levels and ending by different possible implementations. Such a framework allows to formally reason about security policies and also to compare them, a point which is rarely approached. As an illustration, we give a formal description of the Bell and LaPadula and the Chinese Wall policies and we briefly sketch how to compare these two policies.