Systems and methods of computer security are provided. In one
implementation, a method is provided. The method includes monitoring
incoming kernel mode calls and identifying a kernel mode call to verify
using a predetermined criterion. The method also includes validating the
identified kernel mode call, and processing the kernel mode call in
accordance with the results of the validation of the kernel mode call. In
another implementation, a kernel application programming interface
validation device is provided. The kernel application programming
interface validation device includes a monitoring engine for monitoring
incoming kernel mode calls, an analysis engine operable to examine
kernel mode calls, a validation engine operable to determine if a kernel
mode call is valid using the results of the analysis engine, and a
processing engine.