Trusted subsystem at one level

Imagine a .NET application developed using a layered architecture.

Is it possible to use something like a trusted subsystem when deploying all layers of an application on one computer?

Is this configuration insecure by default?

+1




2 answers


It depends on how you use the system and how your layers are deployed.

Let's say you have a machine that is running SQL Server under one user account, your service level is under a different service account, and your users log into a third account (no administrator access, of course). Say that the middle tier account is trusted to access the database, but there is no user account. In that case, yes, this is basically your classic picture of a trusted subsystem model.



If you have a case where the end user account has access to the database and service level, then you are really breaking the pattern and opening a hole. If the end user is an administrator and can tamper with one of the layers in some way, you are breaking the pattern. If the user has physical access to the machine and can interfere with it, I would even say that you are breaking the pattern...

+1
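The account separation described in the answer above, sketched as SQL Server configuration with two audit queries. This is an added example, not part of either answer; the host `APPHOST`, the database `AppDb`, the schema `app` and both account names are assumptions.

```sql
-- Assumed names (not from the page): host APPHOST, database AppDb, schema app,
-- service account APPHOST\svc_middletier, end-user account APPHOST\alice.

-- Weak setting: the end user gets a login of their own (directly or through a
-- broad group), so the database can be reached without the middle tier.
--   CREATE LOGIN [APPHOST\alice] FROM WINDOWS;
--   CREATE LOGIN [BUILTIN\Users] FROM WINDOWS;

-- Trusted subsystem: the middle-tier service account is the only application
-- principal that can log in, and it may only execute the app schema's procedures.
CREATE LOGIN [APPHOST\svc_middletier] FROM WINDOWS;
GO
USE AppDb;
GO
CREATE USER [svc_middletier] FOR LOGIN [APPHOST\svc_middletier];
GRANT EXECUTE ON SCHEMA::app TO [svc_middletier];
GO

-- Audit 1: list every enabled login on the instance. Besides the service
-- account and the DBA/system logins, nothing that maps to an end user or to
-- a group containing end users should appear here.
SELECT p.name,
       p.type_desc,
       IS_SRVROLEMEMBER('sysadmin', p.name) AS is_sysadmin
FROM sys.server_principals AS p
WHERE p.type IN ('S', 'U', 'G')   -- SQL login, Windows user, Windows group
  AND p.is_disabled = 0
ORDER BY p.name;

-- Audit 2: report the permission paths by which the end-user account gets
-- access, including indirect ones through Windows group membership.
EXEC xp_logininfo 'APPHOST\alice', 'all';
GO

-- Audit 3: database users in AppDb and the login each one maps to.
USE AppDb;
SELECT dp.name AS db_user, sp.name AS login_name
FROM sys.database_principals AS dp
JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G');
```

The queries cover only the database side; whether the end user is a local administrator on the machine, the other condition named in the answer, has to be checked in the operating system.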




If all layers are deployed in the same process, then I would say that by definition you are not using the trusted subsystem model.



You could (at least in theory) deploy different tiers to the same physical machine while still using the trusted subsystem model, but of course it would be more difficult to guarantee middle tier security. For example, your middle tier might be trusted web services running under IIS.

0

