Model Carrying Code(MCC) provides a way to safe execution of untrusted code by taking both mobile code producer and consumers into consideration, where it checks mobile code security by comparing security related program behavior model with security policies. In this paper an enumeration based algorithm to checking security related behavior with respect to security policy has been given, where security behavior has been modeled as extended context free grammar and the security policy has been specified as extended FSA. Solutions to dealing with loops and recursions have been introduced. A program has been developed for implementing the algorithm, and several experiments have been done. It has been indicated that our algorithm can effectively check small scale security behavior models on the basis of simple security policies.