In August I finally submitted my PhD thesis, coming close to wrapping up my long career as a tenured graduate student. Although the work hasn't been accepted yet, there has been some interest expressed in portions of it so I've put a few chapters online. Note that these chapters represent a draft only and are not the completed work. The main part of the thesis, Chapters 1-5, is available from http://www.cs.auckland.ac.nz/~pgut001/pubs/thesis.html. These chapters look at an alternative way of building what people have been trying to do with Orange Book B3/A1-type systems, but in a way which is feasible and practical for an open source system where you don't have tens of millions of dollars and 5-10 years available to produce a product. The chapters are (from the web page, where they're links to the docs): The software architecture, wherein the cryptlib software architecture is presented The security architecture, wherein the cryptlib security architecture is presented The kernel implementation, wherein the implementation details of the cryptlib security kernel are examined Verification techniques, wherein existing methods for building secure systems are examined and found wanting Verification of the cryptlib kernel, wherein a new method for building a secure system is presented. Peter.