The invention discloses a method and system for establishing a security system based on a domain mechanism. The method includes the following steps: configuring domain management information; setting related information of a resource object; configuring and registering a failure diagnosis routine; starting the failure diagnosis routine; establishing a domain environment; initializing a security core; executing scheduling and running software; having software in the security domain interact with the security core by calling the security API; having software in the ordinary domain interact with the security core by calling the ordinary API; and regularly detecting the current system state through the security core. The system comprises system domains and application domains. The application domains include the security domain and the ordinary domain. The smaller the domain value of a piece of software, the higher its authority; software with high authority can access itself and resources with lower authority, and software with the same authority can access one another. The domain mechanism is fully used and security isolation is achieved; individualized security systems of different grades can be established; control is flexible and its strength is reasonable; the system does not depend on hardware characteristics and is highly portable.