
Well, we know they're ML classifiers and they're not making syscalls. So there's obviously a limit to "we don't know what they do".


You'd still know what syscalls a cryptographically obfuscated userland program was making.


If it's a total black box, wouldn't the NOBUS thing to do be to have some large key that it's watching input for that flips it into a malicious mode?

If BB(6) took years to execute, how long would you have to spend feeding random input to a suspected-hostile 10000 symbol Turing machine (whose source code and state you can't examine) in a sandbox before you decided it was safe?


Easy, have all executable segments read-only with no (or fixed) syscall instructions.


Think it'd be a bit dangerous to let them make any though, unless you were single stepping.



