"The environment has been defined and the security assumptions have been described in such publications as A Security Model and Policy for a Multi-Level Secure Local Area Network, by Peter Loscocco, Security and Privacy Conference, Berkeley, Calif., 1987." . . . .