Abstract: Mutual access dilemma between double-high level and double-low level resources in security and integrity was usually appeared during BLP model expansion with Biba. BLP model expansion with integrity which could resolve this dilemma was represented. An expansion model named BLP-I model was constructed in the view of product lattice analysis since lattice was BLP's mathematical background. The second dimension of label in BLP-I was substituted to indicate trust level. Read operation in security attribute and write operation in integrity were highlighted. The trust level of subject and messages had been read were distinguished. So the tranquility in BLP and dynamics in Biba during a lifecycle were coordinated in BLP-I. At last, dilemma was partially solved in BLP-I by permitting low security and integrity level direct report to double-high level while permitting double-high level lowered its own security level to issue to its underling.