Landwehr, C.E., "How far can you trust a computer?" SAFECOMP'93, Proc. of the 
  12th International Conf. on Compute Safety, Reliability, and Security, 
  Poznan-Kiekrz, Poland, Oct., 1993, Janusz Gorski, ed.,  ISBN 0-387-19838-5, 
  Springer-Verlag, New York, 1993.
<a href="1993landwehr-csrs.ps">
 PostScript</a>

<blockquote>
The history of attempts to secure computer systems against threats to
confidentiality, integrity, and availability of data is breifly
surveyed, and the danger of repeating a portion of that history is
noted.  Areas needing research attention are highlighted, and a new
approach to developing certified systems is described.
</blockquote>