Formal methods for computer security