Disclosed is a method for providing secure access to multiple secure
networks from a single workstation. The architecture can use multiple
layers of protection to isolate applications running at different
security levels. The first means of isolation is a virtual machine
monitor that isolates multiple operating systems running within separate
virtual machines on the host operating system. The second layer is the
use of multiple user security contexts on the host operating system to
isolate each virtual machine. The third level of protection is a highly
secured and restricted host operating system where all unnecessary
services are removed and user actions are restricted to just the virtual
machine monitor using software restriction policies. Finally, the
operating system and virtual machine monitor can be run from read-only
media to prevent any changes by an attacker from persisting.
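The abstract names four layers but gives no configuration for them. The script below is an added example, not part of the disclosed method and not code from any patent holder; it shows one way an administrator could realise the second layer (one user security context per virtual machine) and the third layer (a default-deny software restriction policy that leaves only the virtual machine monitor runnable) on a Windows host, since software restriction policies are a Windows mechanism. The account names, the `C:\SecureVMs` store and the `vmm.exe` path are assumptions; the registry layout under `Safer\CodeIdentifiers` is the one the SRP policy editor writes, and in a managed environment the same policy would normally be applied through Group Policy rather than written directly.

```powershell
# Added example: per-level user contexts plus a default-deny SRP allowlist
# for the VMM. Not the disclosed method's own code; names and paths assumed.
#Requires -RunAsAdministrator

$VmmExe = 'C:\Program Files\ExampleVMM\vmm.exe'   # assumed VMM location
$VmRoot = 'C:\SecureVMs'                           # assumed per-level VM store
$Levels = @('unclass', 'secret')                   # one security context per network

# Layer 2: a dedicated local user per security level. Each level's VMM runs as
# its own user, so ordinary OS access control separates the virtual machines.
foreach ($level in $Levels) {
    $user = "vmm-$level"
    if (-not (Get-LocalUser -Name $user -ErrorAction SilentlyContinue)) {
        $pw = Read-Host -AsSecureString "Password for $user"
        New-LocalUser -Name $user -Password $pw -PasswordNeverExpires -UserMayNotChangePassword | Out-Null
        Add-LocalGroupMember -Group 'Users' -Member $user   # plain user, not administrator
    }
    # Private VM directory: drop inherited ACEs, grant only SYSTEM, Administrators
    # and this level's user (modify), so other levels cannot read its disk images.
    $dir = Join-Path $VmRoot $level
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    icacls $dir /inheritance:r /grant:r 'SYSTEM:(OI)(CI)F' 'Administrators:(OI)(CI)F' "$($user):(OI)(CI)M" | Out-Null
}

# Layer 3: software restriction policy, default level Disallowed, so a user in
# one of these contexts can start nothing except the OS and the VMM.
$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $Safer -Force | Out-Null
Set-ItemProperty -Path $Safer -Name 'DefaultLevel'       -Value 0 -Type DWord   # 0 = Disallowed
Set-ItemProperty -Path $Safer -Name 'TransparentEnabled' -Value 1 -Type DWord   # 1 = executables, 2 = also DLLs
Set-ItemProperty -Path $Safer -Name 'PolicyScope'        -Value 1 -Type DWord   # 1 = everyone except local admins
# File types SRP treats as executable (a subset of the default list, chosen here).
Set-ItemProperty -Path $Safer -Name 'ExecutableTypes' -Type MultiString `
    -Value @('EXE','COM','BAT','CMD','VBS','JS','PS1','MSI','SCR','LNK','HTA')

# Unrestricted (level 262144 = 0x40000) path rules: the VMM binary and the Windows
# directory, which the OS itself needs. Everything else falls to Disallowed.
$allow = @($VmmExe, '%WINDIR%')
foreach ($path in $allow) {
    $rule = Join-Path $Safer ('262144\Paths\' + [guid]::NewGuid().ToString('B'))
    New-Item -Path $rule -Force | Out-Null
    Set-ItemProperty -Path $rule -Name 'ItemData'    -Value $path          -Type ExpandString
    Set-ItemProperty -Path $rule -Name 'SaferFlags'  -Value 0              -Type DWord
    Set-ItemProperty -Path $rule -Name 'Description' -Value "Allow $path"  -Type String
}

# Start the VMM for one level inside that level's own security context.
function Start-LevelVmm([string]$Level) {
    $cred = Get-Credential -UserName "vmm-$Level" -Message "VMM context for $Level"
    Start-Process -FilePath $VmmExe -WorkingDirectory (Join-Path $VmRoot $Level) -Credential $cred
}

# Check: no VM directory may grant access to another level's context.
foreach ($level in $Levels) {
    $acl    = Get-Acl (Join-Path $VmRoot $level)
    $others = $acl.Access | Where-Object {
        $_.IdentityReference -like '*\vmm-*' -and $_.IdentityReference -notlike "*\vmm-$level"
    }
    if ($others) {
        Write-Warning "Cross-level access on '$level': $($others.IdentityReference -join ', ')"
    }
}
```

The first layer (the virtual machine monitor) and the fourth (booting host and monitor from read-only media) are properties of the chosen hypervisor and boot medium rather than something this script can configure, so they are left to the deployment. Two caveats for anyone adapting this: a Disallowed default will block any helper the VMM spawns unless that helper's path is also allowlisted, so test the rule set with a non-administrator account before relying on it, and newer Windows releases steer this role toward AppLocker or Windows Defender Application Control, which express the same allowlist with stronger rule types.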