NCJ Number
56196
Date Published
1977
Length
5 pages
Annotation
THIS ARTICLE DESCRIBES THE THEORY, DESIGN, DEVELOPMENT, AND ACCREDITATION OF SECURE SUBSYSTEMS FOR COMPUTERS. THE USE OF SUCH SUBSYSTEMS, AFTER EXTENSIVE TESTING, APPEARS TO BE SUCCESSFUL.
Abstract
THE INCREASING USE OF COMPUTERS BY THE MILITARY, AND THE INTEGRATION OF COMPUTER AND COMMUNICATIONS SYSTEMS, INCREASED THE MILITARY'S PROBLEMS IN COMPUTER SECURITY. THE DEFENSE COMMUNICATIONS AGENCY INVESTIGATED THE USE OF SECURE SUBSYSTEMS AS A MEANS OF COMPUTER SECURITY. EACH SUBSYSTEM IS A COMPUTER PROGRAM WHICH GUARANTEES THAT ITS USERS WILL NOT HAVE ACCESS TO OTHER PROGRAMS AND INFORMATION IN THE TOTAL COMPUTER NETWORK. USERS ARE EFFECTIVELY RESTRICTED TO MATERIAL WHICH IS AUTHORIZED FOR THEM. ARGUMENTS FAVORING CONTROLLED ISOLATION OF COMPONENTS INCLUDE THE DIFFICULTY IN SUBVERTING A COMPUTER WHICH ONLY PERFORMS ONE FUNCTION, AND THE GREATER RELIABILITY OF SMALL, WELL-PACKAGED PROGRAMS. COMPUTER SECURITY WHICH RELIES ON SUBSYSTEMS REQUIRES A SET OF RELIABLE, LIMITED-FUNCTION PROGRAMS. NONE OF THE PROGRAMS CAN INTERFERE WITH ANY OF THE OTHERS, YET EACH MUST BE CAPABLE OF IDENTIFYING ITS USERS, 'ENCAPSULATING' THE USERS FROM ACCESS TO OTHER SYSTEMS, AND TRANSMITTING NECESSARY INFORMATION TO THE LARGER SYSTEM. EACH SUBSYSTEM FUNCTIONS AS AN 'AGENT' OR A 'CONDUIT' FOR THE TOTAL COMPUTER NETWORK WHILE MAINTAINING THE SECURITY OF THE SYSTEM. EXPERIENCE WITH SUBSYSTEMS WHICH CONNECT TERMINALS CARRYING INFORMATION OF VARIOUS SECURITY CLASSIFICATIONS, AND SUBSYSTEMS WHICH PURGE DATA FROM STORAGE, INDICATES THE SUCCESS OF THE SECURITY DESIGN. REFERENCES ARE PROVIDED. (TWK).