Modelling downgrading in information flow security | IEEE Conference Publication | IEEE Xplore