Trust boundary

Trust boundary is a term in computer science and security used to describe a boundary where program data or execution changes its level of "trust". The term refers to any distinct boundary within which a system trusts all sub-systems (including data).[1] An example of an execution trust boundary would be where an application attains an increased privilege level (such as root).[2] A data trust boundary is a point where data comes from an untrusted source. For example, user input or a network socket[3]

A "trust boundary violation" refers to a vulnerability where computer software trusts data that has not been validated before crossing a boundary.[4]

References

  1. Peter Stavroulakis, Mark Stamp (2010). Handbook of Information and Communication Security. Springer. p. 13.
  2. Ari Takanen, Jared DeMott, Charles Miller (2008). Fuzzing for software security testing and quality assurance. Artech House. p. 60. ISBN 1-59693-214-7.
  3. John Neystadt (February 2008). "Automated Penetration Testing with White-Box Fuzzing". Microsoft. Retrieved 2009-05-14.
  4. "Trust Boundary Violation". OWASP.
This article is issued from Wikipedia - version of the Wednesday, December 23, 2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.