Trust Boundary Semantic Gaps: A Multi-dimensional Analysis and Mitigation for Security-by-Design

Abstract

Modern systems use format-, protocol-, and signature-based mechanisms before accepting artifacts across trust boundaries. These mechanisms are necessary: they show that an artifact is well formed, protocol-compliant, or properly authenticated. They do not, however, show that the artifact satisfies the semantic security properties required by the receiving domain. A signed update or an authenticated token may therefore be accepted yet enable compromise. We call this condition a Trust Boundary Semantic Gap (TBSG): an artifact crosses a trust boundary and passes correctly implemented syntactic validation, but the assertions established by that pass are insufficient to satisfy the receiving domain's security requirements. TBSG concerns what remains unestablished after a syntactic pass, not absent checks or implementation bugs. Analyzing 75 publicly reported security incidents (2014-2025) at the boundary level, we organize semantic misalignment into a four-dimensional analysis model: Identity, Spatial, Temporal, and Interpretation (MDTBSG). Building on it, we develop Trust Boundary Semantic Analysis and Mitigation (TBSAM), a design-time framework that identifies TBSGs from design specifications, prioritizes them, traces propagated gaps to their originating boundary, and maps each to candidate architectural controls. We apply TBSAM to a retrospective reconstruction of the SolarWinds/SUNBURST supply-chain attack, showing how it makes receiving-domain assumptions explicit, separates locally originating from propagated gaps, and identifies controls that interrupt the path. These results suggest that syntactic validation, while necessary, is not sufficient at trust boundaries, and that making trust-boundary assumptions explicit can complement Security-by-Design.

0

Turn this paper into a full lesson

ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.

Discussion (0)

Sign in to join the discussion.

Loading comments…