
Isolated network between VMs not visible to the host

Goal

We have two VMs, and for security reasons we want to isolate these VMs as much as possible, as they are handling potentially sensitive information. One of the VMs acts as a gateway with internet access; the other VM is used by the user. Given that potentially sensitive information is flowing between the two VMs, we want to prevent the host from being able to sniff the traffic between the two VMs by using a completely isolated virtual network.

Technical details

VirtualBox offers the option to configure an internal network without using a host interface or TCP sockets, as is done in QEMU. This prevents network sniffers from seeing traffic between the two guest VMs. Similar to a restricted user network, it should be possible to define a network in QEMU that doesn't allow any outgoing traffic except between VMs, while not passing the traffic through host-visible interfaces.
