Text this: Formal verification of an operating system security kernel /