In　this　paper,　we　introduce　a　new　application　isolation　model　which　bases　on　Least-Privilege　principle　and　Need-to-Know　principle.　Since　this　model　is　easy　to　implement,　we　call　it　the　Feather-weight　Application　Isolation　(FAI)　model.　This　model　is　used　to　achieve　the　Process　Permission　Constraint　(PPC)　and　classified　Object　Access　Control　(OAC).　The　model　allows　us　to　make　application　isolation　depending　on　PPC　policies　and　OAC　policies.　Compared　with　the　existing　complex　isolation　models　such　as　sandboxes　and　virtual　machines,　the　FAI　model　is　simpler,　and　therefore　it　does　not　only　meet　the　necessary　security　requirements　but　also　increases　the　usability.　To　isolate　applications　and　prevent　classified　objects　of　the　applications　from　being　illegally　tampered,　the　FAI　model　extends　the　traditional　two-dimensional　access　control　matrix　to　a　three-dimensional　access　control　matrix,　which　includes　subjects,　objects　and　processes.　In　order　to　support　multi-level　security　and　Mandatory　Access　Control　(MAC),　the　concept　of　processes　sensitivity　level　ranges　is　considered　in　the　model.　In　this　article,　we　first　give　an　informal　description　of　the　model,　and　then　introduce　the　formalized　description　and　safety　analysis.　Finally　we　explain　the　feasibility　of　the　model　by　showing　the　result　of　the　engineering　implementation.　©　2010　Springer-Verlag.