The application security of information systems is essentially to ensure the safety of business processes elements (BPEs) supported by information system, that is, by implementing appropriate security measures to ensure that the business processes operate in a well-defined and logical manner. A security model based on business process is proposed in this paper, through defining basic safe attributes of business process, also the security target recognition and consistency test of the model are given.