"This document defines a security architecture used in the Secure Military message System (SMMS) project at the Naval Research Laboratory. The goal of this architecture is to provide high assurance that the full-scale prototype message system being constructed as a part of this project is secure. It presents design decisions and shows why a system built according to these decisions will conform to a formal model of security for processing military messages."
Naval Research Lab Report No. 9187
Defense Technical Information Center (DTIC): http://www.dtic.mil/