SLIDE #1 -- BASIC SPCL COMPONENTS

SPCL: Structured Policy Command Language

main elements

* zone

* policy

* object

* principal

* group

* action

* basic rule
  ("ALLOW"|"DENY") (action_list) "ON" object

* optional clauses
  - when
  - side-effects 
     * meta-action
     * rule update

Precedence



SLIDE #2 -- SAMPLE SPCL PROGRAM


zone smith_house;

policy HouseRules {

       default{
		DENY *;
       }

       group Parents {
		ALLOW * ON *;     
       }


       group Children {
		ALLOW "open" ON refrigerator;         
		ALLOW "open" ON front_door;         
		ALLOW "watch" ON tv WHEN ( system.time <= "9:00 pm");
       }

       principal Mom {
		 alias Glenda, supermom, ADMIN;
		 groups Parents;
       }

       principal Dad {
		 alias George;
		 groups Parents;
		 DENY "open" ON refrigerator WHEN ( system.time >= "8:00 pm");	
       }	

       principal Son {
		 alias Timmy;
		 groups Children;
		 DENY "watch" ON tv WHEN ( tv.channel != "Playboy");	
       }	

       principal Daughter {
		 alias Sarah;
		 groups Children;
		 DENY "open" ON front_door WHEN ( system.time >= "11:00 pm")
		      AND {NOTIFY ADMIN};	
       }	

       object front_door {
	      actions {
		      action unlock_door = "unlock";
		      open_door.meta_action = NOTIFY Mom;
	      }
       }

       object refrigerator {
	      actions {
		      action open_frige = "open";	
		      open_frige.meta_action = NOTIFY Mom;
	      }	      
       }

       object tv {
	      string channel = "Playboy";
       	      actions {
		      action watch_tv = "watch";
	      }
       }
}

  























