The invention is a declarative language system and comprises a language as
a tool for expressing network security policy in a formalized way. It
allows the specification of security policy across a wide variety of
networking layers and protocols. Using the language, a security
administrator assigns a disposition to each and every network event that
can occur in a data communications network. The event's disposition
determines whether the event is allowed (i.e. conforms to the specified
policy) or disallowed and what action, if any, should be taken by a
system monitor in response to that event. Possible actions include, for
example, logging the information into a database, notifying a human
operator, and disrupting the offending network traffic.