Restricted erlang

[erlang@REDACTED]

In connection with my earlier questions on safe implementations of erlang,
I've been looking at a lobotomised version of erlang from which all I/O
except message-passing has been removed, as well as direct OS access.

I can easily enough remove enough of the modules to make a big difference,
but some of the BIFs will need removal too.

Before I get involved with a huge chopping exercise, does anyone have 
advice or recommendations?  Obviously if there's a relatively painless 
way of doing this (let's say, a simple removal of certain OTP components,
reduction of some of the inner source code to stub procedures) I would 
like to do that.