THE CONCEPTS AND TECHNIQUES UNDERLYING THE BELL-LA PADULA COMPUTER SECURITY MODEL, ON WHICH THE PRESENT MODEL IS BASED, ARE DESCRIBED. THE BELL-LA PADULA MODEL REPRESENTS ABSTRACTLY THE ELEMENTS OF COMPUTER SYSTEMS IN A MANNER THAT FACILITATES THE STUDY OF SECURITY ISSUES. CHANGES IN, EXTENSIONS OF, AND ADDITIONS TO THE BELL-LA PADULA MODEL INCORPORATED IN THE PRESENT MODEL ARE REPORTED IN DETAIL, WITH PARTICULAR ATTENTION TO THE RELATIONAL APPROACH TO DATA MANAGEMENT REFLECTED IN THE PRESENT MODEL. A FORMAL MATHEMATICAL STATEMENT OF THE MODEL IS SET FORTH, TOGETHER WITH SYSTEM DESIGN AXIOMS INFERRED FROM THE MODEL. THE AXIOMS DEFINE HOW THE MODEL WILL RESULT IN CONFORMANCE WITH MODEL ITSELF IS HIGHLY ABSTRACT, BUT IT CAN SERVE AS THE BASIS FOR THE ACTUAL ENGINEERING OF PROTECTED DATA THE ACTUAL ENGINEERING OF PROTECTED DATA MANAGEMENT SYSTEMS, I.E., SYSTEMS IN WHICH BOTH UNAUTHORIZED OBSERVATION OF DATA (SECURITY) AND UNAUTHORIZED MODIFICATION OF DATA (INTEGRITY) ARE CONTROLLED. THE MODEL IS VALID IN THREE DIFFERENT ENVIORNMENTS: DEDICATED DATA MANAGEMENT SYSTEMS; PARTITIONED SYSTEMS (ONES IN WHICH THE DATA MANAGEMENT SYSTEM IS IMPLEMENTED AS AN APPLICATION PROGRAM ON A COMPUTER SYSTEM PROCESSING A SECURE OPERATING SYSTEM); AND A NETWORK OF PROTECTED SYSTEMS. SUPPORTING TECHNICAL MATERIALS AND A LIST OF REFERENCES ARE PROVIDED. (LKM)