🎯 Threat Modeling Vocabulary
5 exercises — STRIDE, attack surface, trust boundary, threat actor, mitigation — vocabulary for structured threat modeling discussions. Level: Advanced
1 / 5
An architect says: "We need to identify the trust boundaries in this data flow diagram before we continue the STRIDE analysis."
What is a trust boundary in threat modeling?
Trust boundary = a line in a Data Flow Diagram (DFD) where data moves between different trust levels, requiring validation or re-authentication.
| Trust boundary crossing example | Threat question to ask |
|---|---|
| Internet → Web application (DMZ) | Who can impersonate a legitimate user? (Spoofing) |
| Web application → Internal API (intranet) | Can input data be tampered with in transit? (Tampering) |
| Application → Database | Is authorisation re-checked at this layer? (Elevation of Privilege) |
| User browser → CDN → Origin | Can a CDN node disclose sensitive data? (Information Disclosure) |
Key vocabulary:
- Trust boundary crossing — data moving from a lower-trust to a higher-trust zone (or vice versa)
- Validation required — all input crossing a trust boundary must be validated before being processed
- Privilege transition — a change in the security context (e.g., anonymous → authenticated)
- DFD (Data Flow Diagram) — the diagramming notation used in structured threat modeling to map processes, data stores, external entities, and data flows