Abstract: Access control is one of the most important protection mechanisms of current mainstream operating systems. It is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. The access control decision is enforced by a mechanism implementing regulations established by a security policy. There are some typical security policies of access control. The mainstream operating systems is inadequate to support multi-policy at the same time for enforcing different access control decision. Integrity of multi-policy is an important part of access control research in secure systems. Trusted recovery is the necessary function of high-level security operating system. The objective of trusted recovery is to ensure the maintenance of the security and accountability properties of a system in the face of failures. This paper presents a trusted recovery monitoring model, which can solve some limits of strict security policy for access control. Firstly, the framework of model is given. The formal Clark-Wilson model and its improved model PCW (Poveys Clark-Wilson) are implemented by configuring TE (type enforcement) and RBAC (role-based access control) model. Secondly, combining the characteristics of a file system in operating system, this paper presents how to recover the file system to its last consistency secure state, in conservative and optimistic recovery policy respectively, by analyzing audit logs and undoing some malicious operations. This method can recover the system to a secure state in the face of failures and improves the availability of the system. It provides an important exploration for the design and implementation of the trusted recovery mechanisms of our own high-level secure operating system.