This document discusses enhancements to the operating system to prevent misuse of system calls. It proposes monitoring system calls at the kernel level to detect illegal invocations and block malicious completion of system calls. A reference monitor is used to check arguments of threat level 1 system calls, like those that could modify critical files or spawn shells. New data structures are implemented to authorize access based on an access control database and reference functions. The approach aims to prevent buffer overflow attacks with minimal performance overhead.