STRIDE model

STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a threat model for identifying computer security threats. ^[1] STRIDE modelling anticipates threats to the target system and builds upon an overarching model of the system, which may include a full breakdown of processes, data stores, data flows, and trust boundaries. ^[2]

Developed by Praerit Garg and Loren Kohnfelder at Microsoft, ^{[3] [4]} it provides a mnemonic for security threats in six categories. ^[5] Each STRIDE category corresponds to a core principle of information security: Authenticity, Integrity, Non-repudiability, Confidentiality, Availability and Authorization.

See also

• Attack tree – another approach to security threat modeling, stemming from dependency analysis
• DREAD – a classification system for security threats
• OWASP – an organization devoted to improving web application security through education
• CIA also known as AIC ^{[6] [7]} – another mnemonic for a security model to build security in IT systems

References

1. Kohnfelder, Loren; Garg, Praerit (April 1, 1999). "The threats to our products". Microsoft Interface. Retrieved 13 April 2021.
2. Shostack, Adam (2014). Threat Modeling: Designing for Security. Wiley. pp. 61–64. ISBN   978-1118809990.
3. Shostack, Adam (27 August 2009). ""The Threats To Our Products"". Microsoft SDL Blog. Microsoft. Retrieved 18 August 2018.
4. Guzman, Aaron; Gupta, Aditya (2017). IoT Penetration Testing Cookbook: Identify Vulnerabilities and Secure your Smart Devices. Packt Publishing. pp. 34–35. ISBN   978-1-78728-517-0.
5. "The STRIDE Threat Model". Microsoft. Microsoft.
6. "Key OT Cybersecurity Challenges: Availability, Integrity and Confidentiality". tripwire.com. Retrieved 2022-07-20.
7. "What is the CIA Triad? Definition, Explanation and Examples". WhatIs.com. Retrieved 2022-05-01.

External links

• Uncover Security Design Flaws Using The STRIDE Approach