Isolated memory is implemented by controlling changes to address translation maps. Control over the maps can be exercised in such a way that no virtual address referring to an isolated page is exposed to any untrusted process. Requests to edit an entry in a map are evaluated to ensure that the edit will not cause the map to point to isolated memory. Requests to change which map is active are evaluated to ensure that the map to be activated does not point to isolated memory. Preferably, these evaluations are performed by a trusted component in a trusted environment, since isolation of the memory depends on the evaluation component not being compromised. In systems that require all memory access requests to identify their target by virtual address, preventing the address translation maps from pointing to a portion of memory effectively prevents access to that portion of memory, thereby creating an isolated memory.