executing multiple application modules which access memory in a single memory address space;

prior to a memory access to an application state by an application module, detecting whether the state of the application module is corrupted;

when the state of the application module is corrupted, micro-rebooting the application module; and

when the state of the application module is not corrupted, permitting the application module to access the at least one block of memory allocated to the application module up to completion of a current execution of the application module, recalculating the MIC for the at least one block of memory allocated to the application module immediately after the execution of the application module, and replacing the stored MIC for the at least one block of memory allocated to the application module with the recalculated MIC for the at least one block of memory allocated to the application module;

wherein each of the application modules is allocated at least one block of memory in said single data memory space, and said step of detecting whether a state of the application module is corrupted comprises:

calculating a memory integrity code (MIC) for the at least one block of memory allocated to the application module as a function of content stored in the at least one block of memory allocated to the application module;

comparing the calculated MIC with a stored MIC for the at least one block of memory allocated to the application module;

when the calculated MIC is identical to the stored MIC for the at least one block of memory allocated to the application module, determining that the state of the application module is not corrupted; and

when the calculated MIC is not identical to the stored MIC for the at least one block of memory allocated to the application module, determining that the state of the application module is corrupted.