| [B&L] | Bell, D. E. and LaPadula, L. J., Secure Computer Systems: Unified Exposition and MULTICS Interpretation, Revision 1, US Air Force ESD-TR-75-306, MITRE Corporation MTR-2997, Bedford MA, March 1976. |
| [Biba] | Biba, K. J., Integrity Considerations for Secure Computer Systems, ESD-TR-372, ESD/AFSC, Hanscom AFB, Bedford MA., April 1977. |
| [CTCPEC] | Canadian Trusted Computer Product Evaluation Criteria, Version 3.0, Canadian System Security Centre, Communications Security Establishment, Government of Canada, January 1993. |
| [FC] | Federal Criteria for Information Technology Security, Draft Version 1.0, (Volumes I and II), jointly published by the National Institute of Standards and Technology and the National Security Agency, US Government, January 1993. |
| [Gogu1] | Goguen, J. A. and Meseguer, J., "Security Policies and Security Models," 1982 Symposium on Security and Privacy, pp.11-20, IEEE, April 1982. |
| [Gogu2] | Goguen, J. A. and Meseguer, J., "Unwinding and Inference Control," 1984 Symposium on Security and Privacy, pp.75-85, IEEE, May 1984. |
| [ITSEC] | Information Technology Security Evaluation Criteria, Version 1.2, Office for Official Publications of the European Communities, June 1991. |
| [ISO/IEC 7498-2:1989] |
Information processing systems - Open Systems Interconnection - Basic Reference Model, Part 2: Security Architecture. |
| [TCSEC] | Trusted Computer Systems Evaluation Criteria, US DoD 5200.28-STD, December 1985. |