To be really secure, it should be based on TrueCrypt or similar. Having every application installed in its own TrueCrypt virtual disk and (un)mounting them with passwords of group of passwords.

Edit: "passwords of group of passwords." What I mean by this is that every virtual disk (application) has its own automatically and randomly generated strong password. There is a password manager, where one can make any number and combination of groups of passwords and then give each group its own password. There is also one master root password, which would open all passwords in the manager and would give the ability to create/modify/destroy groups. When a group is "opened" with the group password, the password manager will mount the corresponding TrueCrypt virtual disks. It would unmount them optionally after a selected timeout, or manually.

The actual application binaries and their private resource data files are in these encrypted virtual disks. In /usr/bin/ there is a softlink to the real program inside the virtual disk:

    ln -s /mnt/applock/someapp/usr/bin/someapp /usr/bin/someapp

To be really practical, a package manager should support this system.

Idea (c) GPLv3
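A sketch of the password hierarchy described in the post, as an added example that is not part of the original post: each volume gets a random password, stored once wrapped under the master password and once more under every group password that may open it. The names `Vault`, `wrap`, `unwrap` and the sample volume and group names are assumptions, and the HMAC-based keystream is a standard-library stand-in for a vetted AEAD cipher, which a real manager would use instead.

```python
import hashlib, hmac, secrets

def _kdf(password, salt):
    # 64 bytes: first half encrypts, second half authenticates
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=64)

def _stream(key, nonce, n):
    # Stand-in keystream (HMAC in counter mode) so the example needs only the stdlib
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
        ctr += 1
    return out[:n]

def wrap(password, secret):
    # Encrypt-then-MAC under a key derived from the password and a fresh salt
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    k = _kdf(password, salt)
    ct = bytes(a ^ b for a, b in zip(secret, _stream(k[:32], nonce, len(secret))))
    return salt + nonce + hmac.new(k[32:], nonce + ct, "sha256").digest() + ct

def unwrap(password, blob):
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    k = _kdf(password, salt)
    if not hmac.compare_digest(tag, hmac.new(k[32:], nonce + ct, "sha256").digest()):
        raise ValueError("wrong password or corrupted entry")
    return bytes(a ^ b for a, b in zip(ct, _stream(k[:32], nonce, len(ct))))

class Vault:
    def __init__(self, master_pw):
        self.by_master = {}  # volume -> volume password wrapped under master
        self.groups = {}     # group -> {volume: password wrapped under group pw}
        self._check = wrap(master_pw, b"ok")  # lets us verify the master password

    def add_volume(self, master_pw, volume):
        unwrap(master_pw, self._check)  # raises unless the master password is right
        self.by_master[volume] = wrap(master_pw, secrets.token_urlsafe(32).encode())

    def make_group(self, master_pw, group, group_pw, volumes):
        # Re-wrap each member volume's password under the group password
        self.groups[group] = {v: wrap(group_pw, unwrap(master_pw, self.by_master[v]))
                              for v in volumes}

    def open_group(self, group, group_pw):
        # The returned passwords are what the manager would hand to the mount step
        return {v: unwrap(group_pw, b).decode() for v, b in self.groups[group].items()}
```

A group password only ever decrypts the volumes placed in that group, so changing a group's membership or password means re-wrapping entries, not re-encrypting the disks.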