Mandatory access control (MAC) model is an important security model. Based on the lattice model of security level and Bell-LaPadula model the definition of MAC security model is formally described in detail. The equivalent MAC security model described by colored Petri nets (CPN) is proposed. According to the state reachability graph, four security properties of MAC security model, i.e. the access temporal relations, the reachability of objects when subject accesses them, hidden security holes due to the dynamic security level, the indirect reasoning of confidential information flow between different objects, are explored at length. In addition, an example of the security model is illustrated and the conclusions show that the security model based on Petri nets is not only a concise graphic analysis method, but also suited to be formally verified. This model can efficiently improve the whole security policies during the system security design and implementation.