Rule languages have been used to specify security and management policies, such as access control and authorization policies, and network management policies. While these rule languages aim to simplify the specification and management of complex policies, large rule sets often contain subtle interactions, making them difficult to understand and reason about. Deductive spreadsheets (DSS) offer a new way of manipulating rules using a familiar spreadsheet-like interface. We will explore the use of DSS for security policy analysis, in particular for analyzing information flow properties of Role-Based Access Control (RBAC) rules, and for vulnerability analysis. Incremental evaluation is a central component of DSS: as in a traditional spreadsheet, when a cell value changes, all dependent cells are incrementally updated in a DSS. This talk will also describe the incremental rule evaluation techniques that form the basis for DSS.