With　the　rapid　development　of　informationization　process,　the　need　to　collaborate,　share,　and　exchange　information　between　different　departments　of　an　information　system　has　become　more　and　more　imperative.　In　this　paper,　the　security　requirements　of　information　systems　with　multi-level　security　are　analyzed　and　the　security　assumptions　are　proposed.　Second,　BLP　model　of　stand-alone　computer　systems　is　extended　to　information　systems,　the　new　interpretations　of　subjects　and　objects　in　information　systems　is　introduced,　the　new　need-to-share　category　is　added　to　subjects　and　objects,　and　a　multilevel　security　model　for　information　systems　is　developed.　Finally,　the　formal　description　of　the　security　model　is　presented,　the　full　set　of　access　rules　that　apply　to　the　system　are　established,　and　the　security　of　the　information　system　is　proved.　The　new　security　model　allows　information　being　securely　shared　with　the　right　users　and　protected　from　the　wrong　user,　while　maintaining　the　multilevel　security　of　information　systems.