Trust boundary

Trust boundary is a term in computer science and security used to describe a boundary where program data or execution changes its level of "trust". The term refers to any distinct boundary within which a system trusts all sub-systems (including data).^[1] An example of an execution trust boundary would be where an application attains an increased privilege level (such as root).^[2] A data trust boundary is a point where data comes from an untrusted source. For example, user input or a network socket^[3]

A "trust boundary violation" refers to a vulnerability where computer software trusts data that has not been validated before crossing a boundary.^[4]

References

^ Peter Stavroulakis; Mark Stamp (2010). Handbook of Information and Communication Security. Springer. p. 13.
^ Ari Takanen; Jared DeMott; Charles Miller (2008). Fuzzing for software security testing and quality assurance. Artech House. p. 60. ISBN 1-59693-214-7.
^ John Neystadt (February 2008). "Automated Penetration Testing with White-Box Fuzzing". Microsoft. Retrieved 2009-05-14.
^ "Trust Boundary Violation". OWASP.

This computer security article is a stub. You can help Wikipedia by expanding it.

[handbook-1] Peter Stavroulakis; Mark Stamp (2010). Handbook of Information and Communication Security. Springer. p. 13.

[Takanen-2] Ari Takanen; Jared DeMott; Charles Miller (2008). Fuzzing for software security testing and quality assurance. Artech House. p. 60. ISBN 1-59693-214-7.

[neystadt-3] John Neystadt (February 2008). "Automated Penetration Testing with White-Box Fuzzing". Microsoft. Retrieved 2009-05-14.

[owasp-4] "Trust Boundary Violation". OWASP.

[1]

[2]

[3]

[4]