I. Introduction
The identification and suppression of illegal information flows in software programs has been an active research topic for several decades. Roughly speaking, existing approaches can be classified as static techniques based on type systems [1]–[3], abstract interpretation [4] or other static analysis methods [5], dynamic techniques based on execution monitoring [6], [7], or combinations of static and dynamic techniques [8].