A trusted enclave for a software system of a computer node provides relatively high assurance protection of a section of the software system. The trusted enclave attempts to stop malware from compromising parts of the software system within the trusted enclave. If a software system process outside the trusted enclave becomes compromised, the compromised process may be prevented from compromising software system resources within the trusted enclave. Compromise of a process or resource of the software system refers to, for example, malware access, alteration or control of the process or resource.