#2
To be really secure, it should be based on TrueCrypt or similar.
Every application would be installed in its own TrueCrypt-encrypted virtual disk, and these would be (un)mounted with passwords of groups of passwords.

Edit:
"passwords of groups of passwords."

What I mean by this is that every virtual disk (application) has its own automatically generated, random, strong password. There is an applock password manager, in which one can make any number and combination of groups of passwords and then assign a password of one's own to every group.

Also there is one master root-password which would open all passwords in the manager and would give ability to create/modify/destroy groups.

When some group is "opened" with the group password, the applock password manager mounts the corresponding TrueCrypt-encrypted virtual disks with the passwords of that group. The system would unmount them either after a selected timeout or manually.

The actual application binaries and their private resource data files are in these encrypted virtual disks. In /usr/bin/ there is a symlink to the real program inside the virtual disk:
ln -s /mnt/applock/someapp/usr/bin/someapp /usr/bin/someapp

To be really practical, a package manager should support this system.

Integrating SELinux or AppArmor into this would not hurt either. Every application would really run in its own sandbox, and potential trojan horses couldn't mess with anything outside their sandbox.

Idea (c) GPLv3

Last edited by zimon; 2010-10-07 at 15:16.
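The group/master-password scheme and the timeout unmount described in the post above, written out as a runnable sketch. This is an added example, not code from the post or from any applock project: each app gets its own random volume password, the app passwords are wrapped under a random per-group key, and that group key is wrapped twice, once under a key derived from the group password and once under the master key, so the root password opens every group without the group passwords being stored anywhere. The actual mounting is delegated to a caller-supplied `mount_fn(app, password)` so the logic runs without TrueCrypt or root; a real `mount_fn` should hand the password to the mount tool over stdin or a pipe, never on the command line where it shows up in `ps` (and since TrueCrypt development ended in 2014, VeraCrypt or LUKS/cryptsetup would be the volume backend today). The stdlib-only `wrap()`/`unwrap()` (HMAC-SHA256 keystream plus HMAC tag, encrypt-then-MAC) is an assumption of this sketch standing in for a real AEAD such as AES-GCM; the PBKDF2 cost, the names and the `/mnt/applock` layout taken from the post's `ln -s` line are likewise assumptions.

```python
"""Applock password manager sketch (added example, not from the original post)."""
import hashlib
import hmac
import secrets

KDF_ITERS = 100_000          # assumption: PBKDF2 cost, tune for the device
NONCE_LEN, TAG_LEN = 16, 32


def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERS, dklen=32)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256 blocks.
    blocks, ctr = [], 0
    while 32 * len(blocks) < n:
        blocks.append(hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:n]


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. Stdlib stand-in for an AEAD."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first: a wrong password and a tampered store both raise."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong password or corrupted applock store")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def symlink_pair(app: str):
    """The /usr/bin stub and the real binary inside the mounted volume (post's ln -s)."""
    return f"/usr/bin/{app}", f"/mnt/applock/{app}/usr/bin/{app}"


class AppLockManager:
    def __init__(self, master_password: str, mount_fn, unmount_fn):
        self.salt = secrets.token_bytes(16)
        self.master_key = derive_key(master_password, self.salt)  # root password path
        self.groups = {}      # name -> {salt, key_by_group_pw, key_by_master, apps}
        self.mounted = {}     # app -> unmount deadline (None = manual unmount only)
        self.mount_fn, self.unmount_fn = mount_fn, unmount_fn

    def create_group(self, name: str, group_password: str) -> None:
        salt, group_key = secrets.token_bytes(16), secrets.token_bytes(32)
        self.groups[name] = {
            "salt": salt,
            "key_by_group_pw": wrap(derive_key(group_password, salt), group_key),
            "key_by_master": wrap(self.master_key, group_key),
            "apps": {},
        }

    def _group_key(self, g: dict, group_password) -> bytes:
        if group_password is None:  # master root-password opens every group
            return unwrap(self.master_key, g["key_by_master"])
        return unwrap(derive_key(group_password, g["salt"]), g["key_by_group_pw"])

    def add_app(self, group: str, app: str) -> str:
        """Generate the volume password; the caller uses it once to create the volume."""
        g = self.groups[group]
        volume_password = secrets.token_urlsafe(32)
        g["apps"][app] = wrap(self._group_key(g, None), volume_password.encode())
        return volume_password

    def open_group(self, name: str, group_password, now: float, timeout=None) -> list:
        """Mount every volume of the group; None as password means the master path."""
        g = self.groups[name]
        group_key = self._group_key(g, group_password)   # raises before anything mounts
        deadline = None if timeout is None else now + timeout
        for app, blob in g["apps"].items():
            self.mount_fn(app, unwrap(group_key, blob).decode())
            self.mounted[app] = deadline
        return sorted(g["apps"])

    def close_app(self, app: str) -> None:
        self.unmount_fn(app)
        self.mounted.pop(app, None)

    def expire(self, now: float) -> list:
        """Timeout path: unmount every volume whose deadline has passed."""
        due = [a for a, d in self.mounted.items() if d is not None and d <= now]
        for app in due:
            self.close_app(app)
        return due


if __name__ == "__main__":
    log = []
    m = AppLockManager("root-pw", lambda a, pw: log.append(("mount", a)),
                       lambda a: log.append(("umount", a)))
    m.create_group("comms", "group-pw")
    m.add_app("comms", "mail"); m.add_app("comms", "irc")
    m.open_group("comms", "group-pw", now=0.0, timeout=300)
    m.expire(301.0)
    print(log)
```

The order of operations in `open_group` is the point worth keeping: the group key is unwrapped (and its tag checked) before any volume is touched, so a wrong group password fails closed with nothing mounted, and the unmount deadline is recorded per app, which is what lets a later `expire()` call implement the post's optional timeout.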