NCJ Number
58703
Date Published
1978
Length
69 pages
Annotation
COMPUTER NETWORK SECURITY IN THE MILITARY SETTING IS ANALYZED IN RELATION TO CLASSIFIED MATERIAL ACCESS, NETWORK REFERENCE MONITORING, LABELING OF MESSAGES, AND MULTILEVEL SECURITY FOR PROCESSOR SOFTWARE.
Abstract
A MAJOR PROBLEM IN THE MILITARY APPLICATION OF COMPUTER SYSTEMS IS THE SHARED USE OF RESOURCES THAT HAVE DIFFERENT CLASSIFICATIONS AND FORMAL CATEGORY SETS BY USERS WITH DIFFERENT SECURITY CLEARANCES AND FORMAL CATEGORY SETS. THE GENERAL TERM SECURITY LEVEL FOR BOTH USERS AND RESOURCES IS USED TO DENOTE THE COMBINATION OF CLEARANCE OR CLASSIFICATION AND FORMAL COMPARTMENT OR CATEGORY SET. OBJECTIVES OF A COMPUTER SECURITY NETWORK ARE TO PREVENT THE COMPROMISE OF CLASSIFIED INFORMATION, TO PREVENT UNAUTHORIZED MODIFICATION OR INSERTION OF DATA, AND TO PREVENT AN INTRUDER FROM DENYING SERVICES TO AN AUTHORIZED USER. THE ENFORCEMENT OF ACCESS CONTROL TO INFORMATION BASED ON SECURITY LEVEL CONSTITUTES FORMAL OR NONDISCRETIONARY SECURITY, BUT IT IS ALSO NECESSARY TO ENFORCE DISCRETIONARY OR NEED-TO-KNOW REQUIREMENTS. IN THE DISCUSSION OF COMPUTER NETWORK SECURITY, IT IS ASSUMED THAT COMPUTERS IN A NETWORK ARE AUTONOMOUSLY SECURE, I.E., THEY MAY HAVE A REFERENCE MONITOR TO IMPLEMENT MULTILEVEL SECURITY OR THEY MAY BE PHYSICALLY SECURED AND CONFINED TO OPERATE AT A SINGLE SECURITY LEVEL. THE GOAL IN A SECURE NETWORK SYSTEM IS TO LINK SECURE COMPUTERS IN A MANNER THAT ALLOWS NETWORKWIDE INTERPROCESS COMMUNICATION WITHOUT INTRODUCING FORMAL OR DISCRETIONARY SECURITY VIOLATIONS. SYSTEM-LEVEL ISSUES OF ACCESS CONTROL, IDENTIFICATION, AND AUDITING AFFECT THE DESIGN OF A COMPUTER NETWORK SECURITY SYSTEM. SUBSYSTEM-LEVEL ISSUES INFLUENCING THE IMPLEMENTATION OF A COMPUTER NETWORK SECURITY MODEL ARE COMMUNICATION, USER STATIONS, NETWORK FRONT-END PROCESSORS, AND SECURITY OFFICERS. IT IS CONCLUDED THAT THERE ARE SIX IMPORTANT ISSUES IN COMPUTER NETWORK SECURITY: (1) DISTRIBUTION OF CONTROL MECHANISMS; (2) IDENTIFICATION AND AUTHENTICATION; (3) ENCRYPTION TECHNIQUES; (4) COMMUNICATION PROCESSORS; (5) NETWORK FRONT-END PROCESSORS; AND (6) NETWORK USABILITY. RECOMMENDATIONS TO AID IN RESOLVING SECURITY ISSUES ARE OFFERED. ILLUSTRATIONS AND REFERENCES ARE INCLUDED. (DEP)