trust boundary

Trust boundary is a term used in computer science and security which describes a boundary where program data or execution changes its level of "trust," or where two principals with different capabilities exchange data or commands. The term refers to any distinct boundary where within a system all sub-systems (including data) have equal trust. An example of an execution trust boundary would be where an application attains an increased privilege level (such as root). A data trust boundary is a point where data comes from an untrusted source--for example, user input or a network socket.

A "trust boundary violation" refers to a vulnerability where computer software trusts data that has not been validated before crossing a boundary.

References

{{Reflist|refs=

{{cite web|title=Trust Boundary Violation|publisher=OWASP|url=https://www.owasp.org/index.php/Trust_Boundary_Violation|url-status=dead|archiveurl=https://web.archive.org/web/20110519233053/https://www.owasp.org/index.php/Trust_Boundary_Violation|archivedate=2011-05-19}}

{{cite book|title=Fuzzing for software security testing and quality assurance|url=https://archive.org/details/fuzzingforsoftwa00taka_981|url-access=limited|author1=Ari Takanen |author2=Jared DeMott |author3=Charles Miller |publisher=Artech House|year=2008|isbn=978-1-59693-214-2|page=[https://archive.org/details/fuzzingforsoftwa00taka_981/page/n82 60]}}

{{cite web | author=John Neystadt | title=Automated Penetration Testing with White-Box Fuzzing | url=http://msdn.microsoft.com/en-us/library/cc162782.aspx | publisher=Microsoft | date=February 2008 | accessdate=2009-05-14}}

{{cite book|title=Handbook of Information and Communication Security|url=https://archive.org/details/handbookinformat00stav|url-access=limited|author1=Peter Stavroulakis |author2=Mark Stamp |publisher=Springer|year=2010|page=[https://archive.org/details/handbookinformat00stav/page/n26 13]}}}}{{computer-security-stub}}

Category:Cybersecurity engineering