This paper describes a significant evolution in Operating System architecture for high assurance systems, the MILS Separation Kernel concept, how robust and trustworthy enforcement of Data Separation and Controlled Information Flow policies inhibit undesirable side effects among modules, the extension of Separation Kernel policy enforce-ment to distributed systems, and safe and secure foundations for network middleware such as CORBA, DDS, and Web Services.