Abstract
A distinctive concern in the U.S. military for computer security dates from the emergence of time-sharing systems in the 1960s. This paper traces the subsequent development of the idea of a "security kernel" and of the mathematical modeling of security, focusing in particular on the paradigmatic Bell-LaPadula model. The paper examines the connections between security and formal, deductive verification of the properties of computer systems. It goes on to discuss differences between the cultures of communications security and computer security, the bureaucratic turf war over security, and the emergence and impact of the Department of Defense's Trusted Computer System Evaluation Criteria (the so-called Orange Book), which effectively took its final form in 1983. The paper ends by outlining the fragmentation of computer security since the Orange Book was written.