Types and Access Controls for Cross-Domain Security in Flash