Abstract: When industrial control systems with a high security level were in poor working conditions or encounter vicious attacks, safety problems such as behavior tracks abnormity and privilege-exceeding call would come out to affect the safety of production. In order to solve the problem, a safety method based on access verification was proposed from the perspective of system action and privilege control. To ensure the state security during working condifions, system state transition rules were defined and the system state could be monitored in real time. Illegal behaviors such as abnormal execute traces and privilegeexceeding function calls would be detected in time. The feasibility of the method was further illustrated by theoretical identification and analysis of attack instances.