Abstract: To address the problem of protection and sharing of information,the BLP model of stand-alone computer system was extended to information systems with multi-level security,the principle of need-to-share and the notion of multi-level object was introduced,and a multi-level security model of information system for application was developed.Then,some basic security assumptions were proposed,and the formal multi-level security model of information system was presented.The security model allowed the information to be securely shared with the right people and protected from the wrong people,while maintaining the multi-level security of information system.