The main objective of the WHIPS project is to develop an Intrusion Prevention System for Windows NT/2000/XP/2003 that is able to detect any attempt to hijack the control of privileged processes, for example by means of buffer overflow attacks. WHIPS is designed to confine root-privileged processes by mediating their use of security-relevant system calls. In particular, WHIPS provides:
- the detection of illegal invocations of critical system calls before they complete, so as to prevent attackers from hijacking the control of any privileged process;
- an efficient check of the argument values of the system calls;
- an Access Control Database (ACD) that contains all rules defining system behavior.
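The following sketch illustrates the mediation described above: a default-deny check of a critical system call and its argument against ACD rules, made before the call is dispatched. It is an added example, not WHIPS code. The rule layout, the function `acd_check`, the set of calls treated as critical, and the sample rules are all assumptions, and each call's argument is modelled as a single object-name string.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum verdict { ALLOW, DENY };

/* Hypothetical ACD rule; the real WHIPS rule format is not shown on the page. */
struct acd_rule { const char *process, *syscall, *arg_prefix; };

/* Constructed sample rules: default deny, only the listed uses are legal. */
static const struct acd_rule ACD[] = {
    { "lsass.exe",    "NtOpenKey",    "\\Registry\\Machine\\SECURITY\\" },
    { "services.exe", "NtCreateFile", "\\??\\C:\\Windows\\Logs\\" },
};
/* Calls treated as security-relevant in this sketch (assumed set). */
static const char *CRITICAL[] = { "NtCreateFile", "NtOpenFile", "NtOpenKey" };

/* Case-insensitive prefix test; stops at the first mismatch or at the end of s. */
static int prefix_ci(const char *s, const char *p) {
    for (; *p; s++, p++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*p)) return 0;
    return 1;
}
static int equal_ci(const char *a, const char *b) {
    return strlen(a) == strlen(b) && prefix_ci(a, b);
}

/* Decide before the call is dispatched; arg models the object-name argument. */
enum verdict acd_check(int privileged, const char *proc,
                       const char *syscall, const char *arg) {
    size_t i, critical = 0;
    for (i = 0; i < sizeof CRITICAL / sizeof *CRITICAL; i++)
        critical |= (strcmp(syscall, CRITICAL[i]) == 0);
    if (!privileged || !critical) return ALLOW;  /* call is not mediated */
    if (strstr(arg, "..")) return DENY;  /* prefix match assumes no parent components */
    for (i = 0; i < sizeof ACD / sizeof *ACD; i++)
        if (equal_ci(proc, ACD[i].process) &&
            strcmp(syscall, ACD[i].syscall) == 0 &&
            prefix_ci(arg, ACD[i].arg_prefix))
            return ALLOW;
    return DENY;                                 /* no matching rule: block the call */
}

int main(void) {
    printf("%d\n", acd_check(1, "services.exe", "NtCreateFile", "\\??\\C:\\Windows\\Logs\\svc.log"));
    printf("%d\n", acd_check(1, "services.exe", "NtCreateFile", "\\??\\C:\\Windows\\System32\\cmd.exe"));
    return 0;
}
```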