Specification and Verification of the UCLA Unix Security Kernel (Extended Abstract).