If you go under the assumption that pretty much anything you can trace on you can get access to in tsql as well, your problem could have an elegant solution.
Try logon triggers. You could test everyone's login when they logon and if the applicatoin isn't what it should be for that login, you can log them back off. So if you've got only a single login that you want to have access to those SPs, you can give only that login execute on the SP and then through a logon trigger, limit which apps can logon with that acct.
So here's a sample of what you might do: I just wrote this out real quick as an example, so it's not very rich, but you get the idea...
ALTER TRIGGER tgrLimitUsers
ON ALL SERVER WITH EXECUTE AS 'dbo'
IF APP_NAME() NOT IN ('SQL Server Management Studio')
So this makes sure that only SSMS can access SQL through whatever login it is... so you'd also look for the login as well... so just put ORIGINAL_LOGIN() in your test as well and you'll have a very flexible solution. And it works for sql and windows accts.
Watch my free SQL Server Tutorials at:http://MidnightDBA.com
Blog Author of:
DBA Rant – http://www.MidnightDBA.com/DBARant
Minion Maintenance is FREE: