I think this technique has a lot of promise. There are several implementations.
Here is one. Google for "linux signed executables only" to see other references.
And those of you who think execution bits or restricted shells provide adequate security might want to take a look.