Abstract: Bell-Lapadula model (BLP) is a classic model which is broadly used in military security domain. Existing research results havent taken into account the confidentiality period of the objects. In fact, the secrets preserved in objects have confidentiality period in the lifecycle of the objects. Exceeding the confidentiality period, the objects should be downgraded or declassified. In this paper, a multilevel security model based on the time limit is proposed. Through adding time parameters and checking functions to the BLP model, the objects can be downgraded or declassified when they exceed the confidentiality period. It solves the current problem of only setting the security level of the objects but keeping the security level of the objects unchanged for ever. The model restrains the usage ranges of trusted subjects, so the possible damage ranges induced by trusted subjects can be reduced. In the meantime, subjects with higher security level can write information to objects with lower security level through setting the confidentiality period of the objects flexibly without leaking high level secrets. This model improves the flexibility of the BLP model and expands the application in classified electronic file management. Through the noninterference theory, it is proved that the model meets multilevel security policy.