To　address　the　problem　of　protection　and　sharing　of　information,　the　BLP　model　of　stand-alone　computer　system　was　extended　to　information　systems　with　multi-level　security,　the　principle　of　need-to-share　and　the　notion　of　multi-level　object　was　introduced,　and　a　multi-level　security　model　of　information　system　for　application　was　developed.　Then,　some　basic　security　assumptions　were　proposed,　and　the　formal　multi-level　security　model　of　information　system　was　presented.　The　security　model　allowed　the　information　to　be　securely　shared　with　the　right　people　and　protected　from　the　wrong　people,　while　maintaining　the　multi-level　security　of　information　system.