Abstract
A model developed for the investigation of security in computer systems is refined in three major ways, incoporating an object structure, a notion of current security level, and an altered *-property. In addition, the various ramifications of classifying a control structure are explored. It is shown that security requirements can be fulfilled in a system using these refinements.