The overall objective of this project is to implement an extensible, automate tool for penetration analysis of trusted software written in C, and to develop an educational and training package that would enhance the analyst's ability to apply the penetration tool to real trusted-system software. An additional objective is to perform experiments with the tool on selected trusted-system code to demonstrate the usefulness of tool-based penetration analysis. The tool will enable the identification of flaws in trusted code that could lead to system penetration, and will generate sufficient information to help produce real penetration scenarios and countermeasures. The Phase II of this project includes the implementation and testing of the (1) penetration tool engine, which consists of the primitive-flow generator, flow integrator, condition set consistency checker, and flaw-detection modules, (2) LAPRES (LAnguage for Penetration REsistance Specifications) compiler, which translates the analyst's penetration resistance specification in the format required by the flaw-detection modules, (3) GPA (Graphical Penetration Analysis) tool, which enables the analyst to browse through and display integrated flow paths of trusted code and their security checks, to specify penetration-resistance conditions in LAPRES, and to perform flaw-detection tasks on actual trusted code. Phase II also includes the development and implementation of an educational and training package for the use of the penetration analysis tools, and two demonstrations on the application of the tools to trusted code of significant size.