It's possible to do that with KVM, running the untrusted guest as a user-mode program in a guest and trapping system calls into the hypervisor. The cost of a system call would be about 6000 clock cycles.