S-DIFC: software defined network-based decentralized information flow control system
WANG Tao, YAN Fei, WANG Qingfei, ZHANG Leyi
Journal of Computer Applications    2015, 35 (1): 62-67.   DOI: 10.11772/j.issn.1001-9081.2015.01.0062

To solve the problem that current Decentralized Information Flow Control (DIFC) systems cannot effectively monitor sensitive data across host and network in an integrated way, a new DIFC design framework based on Software Defined Network (SDN), called S-DIFC, was proposed. First, the framework used DIFC modules to monitor files and processes in the host plane with fine granularity. Label mapping modules were then used to block network communication and insert sensitive data labels into the network flow. Meanwhile, multi-level access control of flows carrying security labels was implemented with the SDN controller in the network plane. Finally, S-DIFC recovered the security labels carried by sensitive data in the DIFC system on the target host. The experimental results show that S-DIFC decreases host CPU performance within 10% and memory performance within 1.3%. Compared with the Dstar system, which has an extra time delay of more than 15 seconds, S-DIFC effectively mitigates the communication overhead of a distributed network control system. This framework can meet the sensitive data security requirements of the next generation network. In addition, the distributed method can enhance the flexibility of the monitoring system.
