Structure of the security.psl file

A description of a solution security policy consists of the following sections:

• Describing the global parameters of the security module
• Connecting other PSL descriptions (including the utilized policy classes)
• Connecting EDL descriptions of entities
• Creating policy class objects
• Linking of events to policies
• [Optional] Declaration of audit profiles
• [Optional] Description of tests of the solution security policy based on the Policy Assertion Language (PAL)

General syntax

Sections of the solution security policy description may be presented in any order in the security.psl file.

The file consists of declarations that can be in the following formats:

• Linear: <decl> <body ...>
• Modular:

  show <args ...> {

  <body ...>

  }

Indentations are part of the syntax and are used to delimit declarations. There are no formal characters to end a declaration, so a declaration continues until the number of indentations in a line is equal to the number of indentations in the first line of the declaration.

Single-line comments and multi-line comments are supported:

/* This is a comment

And this, too */

// Another comment

In this section Describing the global parameters of the security module Connecting other PSL descriptions Connecting EDL descriptions of entities Creating policy class objects Binding events to policies Declaring and assigning audit profiles Testing a solution security policy based on the Policy Assertion Language (PAL)

Page top