FoCaLiZe is an object-oriented programming environment that combines specifications, programs and proofs in the same language. This paper describes how its features can be used to formally express specifications and to develop by stepwise refinement the design and implementation of se- cured systems, while proving that the implementation meets its specification or design requirements. We thus obtain a modular implementation of a generic framework for the def- inition of security policies together with certified enforce- ment mechanism for these policies.