Service-oriented architecture (SOA) system has been widely utilized at many present business areas. However, SOA system is loosely coupled with multiple services and lacks the relevant security protection mechanisms, thus it can easily be attacked by unauthorized access and information theft. The existed access control mechanism can only prevent unauthorized users from accessing the system, but they can not prevent those authorized users (insiders) from attacking the system. To address this problem, we propose a behavior-aware service access control mechanism using security policy monitoring for SOA system. In our mechanism, a monitor program can supervise consumers behaviors in run time. By means of trustful behavior model (TBM), if finding the consumers behavior is of misusing, the monitor will deny its request. If finding the consumers behavior is of malicious, the monitor will early terminate the consumers access authorizations in this session or add the consumer into the Blacklist, whereby the consumer will not access the system from then on. In order to evaluate the feasibility of proposed mechanism, we implement a prototype system. The final results illustrate that our mechanism can effectively monitor consumers behaviors and make effective responses when malicious behaviors really occur in run time. Moreover, as increasing the rules number in TBM continuously, our mechanism can still work well.