Abstract: Current research on declassification policies mainly involves content, location, time and other dimensions, and each of them has some limitations. Attacker could learn more confidential information than intended by using the vulner}r bility of other dimensions. A synthesis of different dimensions in declassification policy would further improve assu- rance that confidential information is being declassified properly. This paper proposed a declassification policy based on the content and location dimensions, using attacker knowledge model. The key idea of content dimension of the policy is that attacker is not allowed to increase observations about confidential information by causing misuse of the declassifica- lion mechanism,and that location dimension of the policy controls confidential information is declassified only through the declassification statement. Additionally,we established type rules of policy enforcement and proved its soundness.

Key words: Information-flow controls, Declassification policy, Confidentiality, Non-interference