Security policies are abstract descriptions of how a system should behave to be secure. They typically express what is obligatory, permitted, or forbidden in the system. When the system is implemented, its formal verification consists in checking whether it conforms to the norms that its policy stated. Hence, security policies significantly influence the final assessment of real systems. Experience shows that important policies suffering inconsistencies have reached the final stage of implementation in a real system. Here comes the formal analysis at the abstract level of policies. It is advocated that known inductive techniques and a general-purpose proof assistant can be used profitably for the proof of correctness of security policies.