Welcome back. In this lesson, we're going to be talking about system trust boundaries. Now, in our previous lessons, we use the idea of trust boundaries in our threat models, but we didn't go into more detail about what they are or how to determine them. So the goal of today's lesson is to define in a little bit more detail what a trust boundary is and where it belongs in a threat model, and what it tells us. After this lesson, you will be able to distinguish the trust boundaries in a given system. Let's go. Ask first, do I trust the data moving between the two nodes? Next, is there a different level of trust that I place on either of these two nodes? In other words, which node do we trust more? Now we're going to look at a couple of examples to drive this idea of the trust boundary. Here, for example, we trust node 1 more so than node 2. We effectively want to validate the data that's coming in from node 2 to node 1. In the next example, we trust both nodes in our system. For example, if we owned a node in one cloud service provider in a different node in a different cloud service provide and they're separate. Let's assume that they have the same level of security setup, and we trust both nodes equally. But we might not necessarily trust the data that's moving from node 1 to node 2 because, for example, it might go through several network hops to get from one node to the other. So there could be some sort of malicious system in between node 1 and node 2. In a more realistic example, you would want to validate the data that you send from, say, a node in AWS to a node in GCP because you don't trust the connection in between AWS and GCP. That connection is the Internet. In conclusion, trust boundaries are points in the system where data flows from one location to another, and there is a change between the level of trust that we have on the data, as a data flows from one location to another. We've also talked about where we would use this in a threat model. Specifically, when we have our data flow diagram, that's when we want to look at each data flow node point and determine where we see a level of trust changing. More specifically, trust boundaries tell us where to focus our attention and where we want to concentrate on validating our data before we use it.