“…Recent years have seen significant progress in automated and semi-automated techniques for the verification of security requirements of computer systems [4,10,16,19,30,47,50,55]. Much of this progress has built on the theory of hyperproperties [21], and these have been used extensively in analysis of whether systems satisfy secure information flow properties [1,2,6,8,15,28,35,37,39,49,57] such as observational determinism [41,55] and non-interference [32]. Unfortunately, the security specification of several important security primitives cannot be captured by secure information flow properties like observational determinism.…”