Abstract: In order to enhance the network security protection ability of railway applications in the new type computing infrastructure environment, according to the basic requirements for network security level protection of information security technology, based on the existing railway network architecture, this paper designed the railway cyberspace security system architecture, and put forward the mandatory access control model suitable for the system architecture based on marking technology. According to this model, the marking technology could be used to implement the forced access between the same domain in the same cyberspace, different domains in the same cyberspace and different cyberspace, and work together with trusted operating system, data exchange platform and data exchange bus, so as to implement the control of access operation, ensure data security exchange and improve the security protection ability of railway computing platform.