Procedural Security Analysis: A Methodological Approach