The volatile kernel call codes is a technique that converts the instructions used to invoke the three kernel calls of OSHS to passwords of sorts. The compiler will know these passwords so it will be able to produce working executables but an attacker coming from outside will not since these passwords are specific to a particular machine and will not work on another machine. And when he tries and guesses wrong, the process and thus the connection to the attacker is gone.
This technique provides somewhat weak protection on its own. The reason is that by analyzing the code portion of the address space the skillfull attacker can obtain the bytes of the password. The length of the password is not available but a simple piece of code can be used to autodetect it in one go. However by combining it with aerated code space and randomized stack frames, scavenging the code for kernel access passwords (especially when the attacker needs to do this in one or very small number of tries) can be made almost impossible.