STRIDE is a model for identifying computer security threats [1] developed by Praerit Garg and Loren Kohnfelder at Microsoft. [2] It provides a mnemonic for security threats in six categories. [3]
The threats are:
The STRIDE was initially created as part of the process of threat modeling. STRIDE is a model of threats, used to help reason and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows, and trust boundaries. [5]
Today it is often used by security experts to help answer the question "what can go wrong in this system we're working on?"
Each threat is a violation of a desirable property for a system:
Threat | Desired property | Threat Definition |
---|---|---|
Spoofing | Authenticity | Pretending to be something or someone other than yourself |
Tampering | Integrity | Modifying something on disk, network, memory, or elsewhere |
Repudiation | Non-repudiability | Claiming that you didn't do something or were not responsible; can be honest or false |
Information disclosure | Confidentiality | Someone obtaining information they are not authorized to access |
Denial of service | Availability | Exhausting resources needed to provide service |
Elevation of privilege | Authorization | Allowing someone to do something they are not authorized to do |
Repudiation is unusual because it's a threat when viewed from a security perspective, and a desirable property of some privacy systems, for example, Goldberg's " Off the Record" messaging system. This is a useful demonstration of the tension that security design analysis must sometimes grapple with.
Elevation of privilege is often called escalation of privilege, or privilege escalation. They are synonymous.
STRIDE is a model for identifying computer security threats [1] developed by Praerit Garg and Loren Kohnfelder at Microsoft. [2] It provides a mnemonic for security threats in six categories. [3]
The threats are:
The STRIDE was initially created as part of the process of threat modeling. STRIDE is a model of threats, used to help reason and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows, and trust boundaries. [5]
Today it is often used by security experts to help answer the question "what can go wrong in this system we're working on?"
Each threat is a violation of a desirable property for a system:
Threat | Desired property | Threat Definition |
---|---|---|
Spoofing | Authenticity | Pretending to be something or someone other than yourself |
Tampering | Integrity | Modifying something on disk, network, memory, or elsewhere |
Repudiation | Non-repudiability | Claiming that you didn't do something or were not responsible; can be honest or false |
Information disclosure | Confidentiality | Someone obtaining information they are not authorized to access |
Denial of service | Availability | Exhausting resources needed to provide service |
Elevation of privilege | Authorization | Allowing someone to do something they are not authorized to do |
Repudiation is unusual because it's a threat when viewed from a security perspective, and a desirable property of some privacy systems, for example, Goldberg's " Off the Record" messaging system. This is a useful demonstration of the tension that security design analysis must sometimes grapple with.
Elevation of privilege is often called escalation of privilege, or privilege escalation. They are synonymous.