STRIDE SECURITY THREAT MODEL
STRIDE is a security threat model introduced in 1999 by Praerit Garg and Loren Kohnfelder (Microsoft security researchers). It was created to identify computer security threats and categorize potential issues.
S — SPOOFING
T — TAMPERING
R — REPUDIATION
I — INFORMATION DISCLOSURE
D — DENIAL OF SERVICE
E — ELEVATION OF PRIVILEGE
1. Spoofing
Property :- Authenticity.
Definition :- Pretending to be something/someone.
Mitigation :- Passwords/passphrases, Multi-Factor Authentication, Digital Signatures.
2. Tampering
Property :- Integrity.
Definition :- Modification of data/information.
Mitigation :- Permissions/Access Control Lists, Digital Signatures.
3. Repudiation
Property :- Non-repudiability.
Definition :- Denying an action.
Mitigation :- Secure logging and auditing, Digital Signatures.
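The "secure logging and auditing" mitigation for Tampering and Repudiation can be made concrete with a tamper-evident audit log. The following is an added example, not part of the original page: each record carries a MAC that also covers the previous record's MAC, so editing or deleting a record breaks the chain. It uses HMAC-SHA256 from the Python standard library as a stand-in for a digital signature; a shared-key MAC gives integrity only, and true non-repudiation needs an asymmetric signature made with a key only the actor holds. The function names, the key and the sample records are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from typing import Optional

GENESIS = "0" * 64  # fixed anchor that the first record chains to


def entry_mac(key: bytes, prev: str, actor: str, action: str) -> str:
    # Canonical JSON so the same fields always serialize to the same bytes.
    body = json.dumps([prev, actor, action], separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append_entry(log: list, key: bytes, actor: str, action: str) -> dict:
    """Append an audit record whose MAC also covers the previous record's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    entry = {"actor": actor, "action": action, "prev": prev,
             "mac": entry_mac(key, prev, actor, action)}
    log.append(entry)
    return entry


def verify_log(log: list, key: bytes, expected_head: Optional[str] = None) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record.

    expected_head is the MAC of the newest record, kept outside the log.
    Without it, removal of the newest records cannot be detected; with it,
    such truncation is reported as index len(log).
    """
    prev = GENESIS
    for i, e in enumerate(log):
        expected = entry_mac(key, prev, e["actor"], e["action"])
        if e["prev"] != prev or not hmac.compare_digest(expected, e["mac"]):
            return i
        prev = e["mac"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return -1


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    log = []
    append_entry(log, key, "alice", "login")
    append_entry(log, key, "alice", "transfer 100 to bob")
    print("intact:", verify_log(log, key))             # -1
    log[1]["action"] = "transfer 1 to bob"             # tampering with a record
    print("first bad record:", verify_log(log, key))   # 1
```

Keep the MAC key and the latest head value away from whoever can write to the log store; otherwise the chain can simply be recomputed after an edit.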
4. Information Disclosure
Property :- Confidentiality.
Definition :- Leakage of sensitive information.
Mitigation :- Encryption, Permissions/Access Control Lists.
5. Denial of Service
Property :- Availability.
Definition :- Non-availability of service.
Mitigation :- Permissions/Access Control Lists, Filtering DAaAS, Quotas.
6. Elevation of Privilege
Property :- Authorization.
Definition :- Unprivileged to privileged access.
Mitigation :- Permissions/Access Control Lists, Input Validation.