Previous

Next

Trust boundary - The trust zone change element

Completed

Trust boundary box

Trust boundary line

The trust boundary element is represented by dotted lines or squares. Trust boundaries are used to describe data flow as it crosses different trust zone levels.

Examples include:

• Firewalls
• Connections to third-party services
• Parts of your system only available to administrators

Areas with changing trust zones are the most targeted by attackers, and should be carefully designed.

Microsoft has predefined trust-zone requirements for engineers to use internally. It takes the guesswork out of which boundaries to apply. If you work at Microsoft, contact your security team to learn more.

When to use the trust boundary element

Here are a few important points to remember about trust boundaries:

• Include trust boundaries to handle data flow as it crosses different trust zones.
• Trust boundary lines represent data flow as it crosses large environments, like the internet.
• Trust boundary boxes represent smaller environments, like sandbox environments and corporate networks.

Include context

Include the following context with each trust boundary element:

Context	Questions
Description	Is it a corporate network boundary? Internet? Azure subscription?

Check your knowledge

1.

Which one of these actions best describes data crossing a trust boundary?

Data sent from the user to a web service hosted on Azure.

Data sent from the web service to the data store on Azure under the same Azure subscription.

Data sent from the data store to a process on Azure under the same tenant.

You must answer all questions before checking your work.

Continue