Summary In the field of cloud computing, collaboration and data sharing among clouds have dramatically increased. How to protect the security of shared cloud data is being an urgent problem. Based on decentralized information flow control (DIFC) model, this paper presents an approach, DIFC-based data sharing approach (DIFCS), to protect both confidentiality and integrity of shared cloud data. Additionally, this paper designs a privilege protection policy for DIFCS, resulting in its capability of preventing malicious users from modifying privilege. The correctness and security properties of DIFCS are proved by formal analysis and verification, where firstly, DIFCS is formally interpreted into high-level petri net (HLPN) representation and analyzed using Z language, then is automatically verified with SMT-Lib and Z3 solver. The formal analysis and verification results reveal that DIFCS holds the security properties of confidentiality, integrity, authenticity, and privilege tamper-proof. The experimental results further demonstrate the high efficiency of DIFCS.