With networks increasingly moving into virtually every aspect of our daily life, security is gaining importance, not only from the traditional perspective of communication but also because of the network's growing role in modern automation and control. The traditional, certification-based approach attempts to guarantee the security of a network through certification. Certified networks are generally confined to a limited domain and, as a result, they are isolated, costly, and under-utilized. In contrast, this paper presents a new principle, a user-level, security-on-demand system, wherein the network allocates, where possible, the security resources commensurate with the user's request for transporting message(s) through the network securely. This principle is successfully demonstrated for the current Asynchronous Transfer Mode (ATM) networks, and is the result of an integration of the fundamental framework for network security, recently proposed by the authors in the literature, with the unique characteristics of ATM networks. The framework encapsulates the fundamental knowledge and set of relationships in network security and permits scientific and systematic reasoning about network security. It also enables all user groups (military, government, industry, and academia) to define their security requirements in a uniform manner. The security-on-demand approach promises the development of a "mixed use" class of networks in the future that may be simultaneously shared by different groups of users, with the system sustaining the diverse security requirements of each user. A unique characteristic in ATM network design is the dynamic call setup process. Under it, a network first establishes a virtual path or route for a user's call, guided by the user's requirements, and then transports the messages when a route has been successfully determined.
This unique ATM characteristic is integrated with the framework to yield a successful demonstration of the proposed user-level, security-on-demand approach. Utilizing the security framework as the foundation, every element of the network, whether node or link, is characterized by a security matrix that reflects its security resources. Every user is permitted to specify the security requirement for the call through a matrix, which expresses the limits of the security resources that the traffic cells must encounter during their transport through the network. Thus, during the dynamic establishment of the virtual path, every node and link is examined to ensure that the user-specified security is met, in addition to bandwidth and other Quality of Service (QoS) requirements. Traffic is launched when the call setup succeeds; otherwise, the call fails. Like all networks, the ATM network inherently consists of geographically dispersed entities and, as a result, the resource allocation strategy is necessarily distributed. Furthermore, as the network operation progresses, the resource availability scene changes dynamically. This paper proposes a unique function that reduces the key network resource parameters at a node to a single value, termed the Node Status Indicator (NSI). The NSI value is computed dynamically at every node and disseminated across the network to be utilized by a node to refine its determination of a virtual path for a user call. The aim of the NSI is to improve the resource utilization in the network. The proposed approach is modeled for a large-scale, representative, 40-node ATM network. Utilizing stochastic input traffic that is synthesized to reflect realistic operating conditions, the model is simulated extensively on a testbed of 35+ Pentium workstations, under Linux, configured as a loosely-coupled parallel processor, utilizing an accurate, asynchronous, distributed simulator.
The simulator implements the key characteristics of the ATM Forum-proposed P-NNI 1.0 and UNI 3.0 standards. While the simulation results reflect a successful realization of the proposed approach, analysis reveals minimal impact of incorporating security on ATM network performance, as measured through call success rates and call setup times. In contrast, the tradition has been to incorporate security into large-scale systems and networks as an afterthought, i.e., adding hardware and software devices after the design has been completed, resulting in performance degradation. Also, while the use of NSI is observed to yield slightly lower average call setup rates and slightly higher average call setup times, a careful analysis of the trace of the calls as they progress through the system reveals that, in general, calls are dispersed throughout the network, seeking to utilize all available resources of the network more evenly.
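
The call setup check described above, as an added example that is not taken from the paper: a route search admits a node or link only if its security matrix lies within the user's limits and the link has enough free bandwidth, and the call fails when no such route exists. The matrix attributes, integer levels, topology, bandwidth figures and the use of breadth-first search are all assumptions, since the abstract does not specify them.

```python
from collections import deque

# Constructed sample network. The attribute names and integer levels are
# assumptions; the abstract does not define the layout of a security matrix.
NODES = {
    "A": {"confidentiality": 3, "integrity": 3},
    "B": {"confidentiality": 1, "integrity": 3},
    "C": {"confidentiality": 3, "integrity": 2},
    "D": {"confidentiality": 3, "integrity": 3},
}
# (node, node) -> (security matrix of the link, free bandwidth in Mb/s)
LINKS = {
    ("A", "B"): ({"confidentiality": 3, "integrity": 3}, 100),
    ("B", "D"): ({"confidentiality": 3, "integrity": 3}, 100),
    ("A", "C"): ({"confidentiality": 2, "integrity": 2}, 40),
    ("C", "D"): ({"confidentiality": 3, "integrity": 2}, 40),
}

def meets(matrix, required):
    """True if every requested attribute lies within the user's (low, high) limits."""
    return all(lo <= matrix.get(attr, 0) <= hi for attr, (lo, hi) in required.items())

def setup_call(src, dst, required, bandwidth):
    """Search only elements that satisfy both security and bandwidth.
    Returns the node list of the virtual path, or None when call setup fails."""
    if not (meets(NODES[src], required) and meets(NODES[dst], required)):
        return None
    adjacency = {}
    for (u, v), (matrix, free) in LINKS.items():
        if free >= bandwidth and meets(matrix, required):
            adjacency.setdefault(u, []).append(v)
            adjacency.setdefault(v, []).append(u)
    queue, parent = deque([src]), {src: None}
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in adjacency.get(node, []):
            if nxt not in parent and meets(NODES[nxt], required):
                parent[nxt] = node
                queue.append(nxt)
    return None
```
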