"... In PAGE 5: ...Table1 lists the lines of code (LOC) of each implementation. The LOC counts for Chat2 do not include the extra coding effort requirement placed on clients.... In PAGE 5: ...The results in Table1 show that even for the simple Chat component, enforcing the usage constraints is a significant effort. Since the behaviors of Chat, Chat2, and Chat3 are identical, it is fair to state that most of the additional LOC are due to checking the usage constraints.... In PAGE 5: ... A second lips tool, the deployer, then generates additional code to integrate the lips container into a particular technology such as CORBA. In Table1 , we showed the LOC for our lips version of the Chat component, Chat3. This implementation makes use of the lips toolset to automatically generate the enforcement code.... ..."

"... In PAGE 16: ...Table3... ..."

"... In PAGE 5: ...yn. Code Gen. W32-Sapphire MS SQL server Worm Code Injection 4.2 Malicious code samples Table2 lists the MC samples. These consist of the viruses and worms that use dynamic code generation (polymorphism), obfuscation, and code injection.... ..."

"... In PAGE 5: ...yn. Code Gen. W32-Sapphire MS SQL server Worm Code Injection 4.2 Malicious code samples Table2 lists the MC samples. These consist of the viruses and worms that use dynamic code generation (polymorphism), obfuscation, and code injection.... ..."

"... In PAGE 25: ... However, the model checker can verify the deadlock freedom of its each task component. Table4 illustrates the results of model checking these components against DF . With Theorem 2.... ..."

"... In PAGE 21: ... However, the model checker can verify the deadlock freedom of its each task component. Table2 illustrates the results of model checking these components against DF . jSj is the number of states that have been traversed during model checking.... ..."

"... In PAGE 11: ... At that point, signal Match is asserted and the monitor resumes execution in S2. During instrumentation of the new path, a set of highly-restrictive policies (listed in Table9 ) is enforced at run-time before any instruction completes execution. (This part of our work uses a similar concept to the one in [13]).... In PAGE 12: ...43 28.11 P8 13881 and performing various checks against behavioral model M and the list of restrictive security policies given in Table9 . For evaluation purposes, we divided the testing procedure into two scenarios: (1) application is executed with user inputs already tested in the Testing environment, (2) application is executed with user inputs not tested in the Testing environ- ment and which exercise new execution paths.... In PAGE 13: ... C. Detection and false alarm rates in the Real Environment: Behavioral models extracted in the detection mode, in addition to the restrictive security policies of Table9 , successfully halted the exploit of any code vulnerabilities in the Real environment or prevention mode. We have tested our approach in the Real environment using a set of input vectors that was used in the detection mode and another set of inputs that was not tested.... ..."