This article is from the Threads Programming FAQ, by Bryan O'Sullivan email@example.com with numerous contributions by others.
A protection boundary protects one software subsystem on a computer
from another, in such a way that only data that is explicitly shared
across such a boundary is accessible to the entities on both sides. In
general, all code within a protection boundary will have access to all
data within that boundary.
The canonical example of a protection boundary on most modern systems
is that between processes and the kernel. The kernel is protected from
processes, so that they can only examine or change its internal state
in certain strictly-defined ways.
Protection boundaries also exist between individual processes on most
modern systems. This prevents one buggy or malicious process from
wreaking havoc on others.
Why are protection boundaries interesting? Because transferring
control across them is expensive; it takes a lot of time and work.