What you're experiencing is one of the frustrating pieces of Ownership Chaining. A DENY is not respected when an Ownership Chain is in play because only the highest chain in the link has its permissions checked.

This worked for me:

USE YourDatabase; DENY SELECT ON sys.[check_constraints] TO public;

-- note that this affects all users in all databases who only have public membership into master, i.e. mapped via the guest user

USE master; DENY SELECT ON INFORMATION_SCHEMA.check_constraints TO public;

And this puts the furniture back:

USE YourDatabase; REVOKE SELECT ON sys.[check_constraints] TO public;

USE master; GRANT SELECT ON INFORMATION_SCHEMA.check_constraints TO public;