EXECUTION MONITORING OF SECURITY-CRITICAL PROGRAMS IN A DISTRIBUTED SYSTEM: A SPECIFICATION-BASED APPROACH By

Committee in Charge 1996 i Acknowledgements I a m d eeply indebted to m y advisors, Karl Levitt a n d Manfred Ruschitzka. Without their help and guidance, I was not able to nish this work. Special thanks to Karl for his precious time a n d e n ergy, a n d h i s p a tience in teaching m e not only how t o perform research, but also how to write proposals, deal with sponsors, give presentations, and survive as a researcher in the security eld. I w ould like t o t hank Manfred for the t ime a n d eeort he h as spent w orking with me a n d p o lishing t he dissertation. His ideas and insightful suggestions have greatly enrichedthe t echnical content o f t his work; his persistent pursuit of clarity h as greatly improveditspresentation. I would also like to thank the other member of my committee, Matt Bishop, for his valuable comments o n t his dissertation. I also thank the fellow s t udents a n d researchers in the security group for their comments a n d feedbacks on myresearch. Thank Jim Hoagland, Steven Cheung, and Raymond Yip for proofreading drafts o f t his dissertation. I w ould like t o t hank my family and friends for their support and constant encouragement , especially my wife Mandy, for her patience and u nderstanding a n d also for her great assistance in proofreading early drafts o f t his dissertation. Finally, I would like to thank God my heavenly Father, my beloved Jesus, and the Holy Spirit for His eternal love, encouragement and constant nourishment. His grace has always been suucient for me.