Qualitative and quantitative information flow with applications to security