Trust boundary

Trust boundary is a term in computer science and security used to describe a boundary where program data or execution changes its level of "trust". The term refers to any distinct boundary within which a system trusts all sub-systems (including data).[1] An example of an execution trust boundary would be where an application attains an increased privilege level (such as root).[2] A data trust boundary is a point where data comes from an untrusted source. For example, user input or a network socket[3]

A "trust boundary violation" refers to a vulnerability where computer software trusts data that has not been validated before crossing a boundary.[4]

References

  1. Peter Stavroulakis; Mark Stamp (2010). Handbook of Information and Communication Security. Springer. p. 13.
  2. Ari Takanen; Jared DeMott; Charles Miller (2008). Fuzzing for software security testing and quality assurance. Artech House. p. 60. ISBN 1-59693-214-7.
  3. John Neystadt (February 2008). "Automated Penetration Testing with White-Box Fuzzing". Microsoft. Retrieved 2009-05-14.
  4. "Trust Boundary Violation". OWASP.


This article is issued from Wikipedia - version of the 6/6/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.