Not your typical threat model, but when using an "anonymizer" such as Tor, protecting the IP address is a top priority. I know that full OS virtualization can provide additional layers of defense, but it also adds much code, complexity and maintenance overhead.
Do you think a more lightweight approach using MAC/RBAC is possible?
The goal is that an adversary who exploited an application (e.g. web browser) needs at least another exploit or "sandbox escape" to even determine the "real" IP. Firewalling the application is not enough: if it can be leaked over allowed channels, that would still result in a compromise.
Discussion about that here: http://forum.dee.su/topic/getting-secur ... es-fast-er