I've actually heard this question asked a lot in a bunch of different forms, and (to me) it basically comes down to:
How do I use virtualization to provide additional security to processes?
The advantage of virtualization is that it provides a very strong statement of security (if a lesser statement of performance). On the other hand, Jails/Containers (see LXC) have a strong statement of performance and a lesser statement of security.
For you, I'd recommend checking out Linux Containers, because it does provide more protection than just a process, but is faster and uses less resources than a whole VM.
Well, if the VM has security issues, you'll have to update all the VMs running, never mind that I think it's possible to get to the core OS from a VM.
This is definitely a case to look at OS-level virtualization[1]; running a dedicated VM just for jailing a process seems a bit overengineered. SmartOS[2] might be interesting for this[2].