Abstract: MLS security policy aims at only confidentiality assurance, with less consideration on integrity assurance and weakness in channel control policy. And its way to handle the trusted subjects has many security shortcomings. Moreover, increasing diversity of

Key words: Security model, Multiple security policies, Multilevel security policy, Least privilege, Confidentiality assurance, Integrity assurance