STRIDE SECURITY THREAT MODEL

Vishnu Shivalal P
Dec 5, 2023

STRIDE is a security threat model introduced in 1999 by Praerit Garg and Loren Kohnfelder (Microsoft security researchers). The model was created to identify computer security threats and categorize potential issues.

S — SPOOFING

T — TAMPERING

R — REPUDIATION

I — INFORMATION DISCLOSURE

D — DENIAL OF SERVICE

E — ELEVATION OF PRIVILEGE

1. Spoofing

Property :- Authenticity.

Definition :- Pretending to be something/someone.

Mitigation :- Passwords/passphrases, Multi-Factor Authentication, Digital Signatures.

2. Tampering

Property :- Integrity.

Definition :- Modification of data/information.

Mitigation :- Permissions/Access Control Lists, Digital Signatures.

3. Repudiation

Property :- Non-repudiability.

Definition :- Denying an action.

Mitigation :- Secure logging and auditing, Digital Signatures.

4. Information Disclosure

Property :- Confidentiality.

Definition :- Leakage of sensitive information.

Mitigation :- Encryption, Permissions/Access Control Lists.

5. Denial of Service

Property :- Availability.

Definition :- Non-availability of service.

Mitigation :- Permissions/Access Control Lists, Filtering DAaAS, Quotas.

6. Elevation of Privilege

Property :- Authorization.

Definition :- Unprivileged to privileged access.

Mitigation :- Permissions/Access Control Lists, Input Validation.
