Adjoining Declassification and Attack Models by Abstract Interpretation