STRIDE model: Difference between revisions

Content deleted Content added

Inline

Revision as of 18:53, 31 July 2021

STRIDE is a model of aggregated threats developed by Praerit Garg and Loren Kohnfelder at Microsoft^[1] for identifying computer security threats.^[2] It provides a mnemonic for security threats in six categories.^[3]

The threats are:

Spoofing
Tampering
Repudiation
Information disclosure (privacy breach or data leak)
Denial of service
Elevation of privilege^[4]

The STRIDE was initially created as part of the process of threat modeling. STRIDE is a model of threats, used to help reason and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows and trust boundaries.^[5]

Today it is often used by security experts to help answer the question "what can go wrong in this system we're working on?"

Each threat is a violation of a desirable property for a system:

Threat	Desired property
Spoofing	Authenticity
Tampering	Integrity
Repudiation	Non-repudiability
Information disclosure	Confidentiality
Denial of Service	Availability
Elevation of Privilege	Authorization

Notes on the threats

Repudiation is unusual because it's a threat when viewed from a security perspective, and a desirable property of some privacy systems, for example, Goldberg's "Off the Record" messaging system. This is a useful demonstration of the tension that security design analysis must sometimes grapple with.

Elevation of Privilege is often called escalation of privilege, or privilege escalation. They are synonymous.

References

^ Shostack, Adam. ""The Threats To Our Products"". Microsoft SDL Blog. Microsoft. Retrieved 18 August 2018.
^ Kohnfelder, Loren; Garg, Praerit (April 1, 1999). "The threats to our products". Microsoft Interface. Retrieved 18 August 2018.
^ "The STRIDE Threat Model". Microsoft. Microsoft.
^ Guzman, Aaron; Gupta, Aditya (2017). IoT Penetration Testing Cookbook: Identify Vulnerabilities and Secure your Smart Devices. Packt Publishing. pp. 34–35. ISBN 978-1-78728-517-0.
^ Shostack (2014). Threat Modeling: Designing for Security. Wiley. pp. 61–64. ISBN 978-1118809990.

External links

Uncover Security Design Flaws Using The STRIDE Approach

This computer science article is a stub. You can help Wikipedia by expanding it.

[1] Shostack, Adam. ""The Threats To Our Products"". Microsoft SDL Blog. Microsoft. Retrieved 18 August 2018.

[2] Kohnfelder, Loren; Garg, Praerit (April 1, 1999). "The threats to our products". Microsoft Interface. Retrieved 18 August 2018.

[3] "The STRIDE Threat Model". Microsoft. Microsoft.

[4] Guzman, Aaron; Gupta, Aditya (2017). IoT Penetration Testing Cookbook: Identify Vulnerabilities and Secure your Smart Devices. Packt Publishing. pp. 34–35. ISBN 978-1-78728-517-0.

[5] Shostack (2014). Threat Modeling: Designing for Security. Wiley. pp. 61–64. ISBN 978-1118809990.

[1]

[2]

[3]

[4]

[5]

Revision as of 20:21, 4 February 2021 edit AnomieBOT (talk \| contribs) Bots 6,502,632 edits m Dating maintenance tags: {{By whom}} {{Citation needed}} ← Previous edit		Revision as of 18:53, 31 July 2021 edit undo Vscoop wiki (talk \| contribs) 9 edits No edit summary Tag: Reverted Next edit →
Line 1:		Line 1:
	'''STRIDE''' is a model of threats developed by Praerit Garg and [[Loren Kohnfelder]] at [[Microsoft]]<ref>{{cite web \|last1=Shostack \|first1=Adam \|title="The Threats To Our Products" \|url=https://cloudblogs.microsoft.com/microsoftsecure/2009/08/27/the-threats-to-our-products/ \|website=Microsoft SDL Blog \|publisher=Microsoft \|accessdate=18 August 2018}}</ref> for identifying [[computer security]] [[Threat (computer)\|threats]].<ref>{{cite journal \|last1=Kohnfelder \|first1=Loren \|last2=Garg \|first2=Praerit \|title=The threats to our products \|journal=Microsoft Interface \|date=April 1, 1999 \|url=https://adam.shostack.org/microsoft/The-Threats-To-Our-Products.docx \|accessdate=18 August 2018}}</ref> It provides a [[mnemonic]] for security threats in six categories.<ref>{{cite web\|title=The STRIDE Threat Model\|url=https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx\|website=Microsoft\|publisher=Microsoft}}</ref>		'''STRIDE''' is a model of aggregated threats developed by Praerit Garg and [[Loren Kohnfelder]] at [[Microsoft]]<ref>{{cite web \|last1=Shostack \|first1=Adam \|title="The Threats To Our Products" \|url=https://cloudblogs.microsoft.com/microsoftsecure/2009/08/27/the-threats-to-our-products/ \|website=Microsoft SDL Blog \|publisher=Microsoft \|accessdate=18 August 2018}}</ref> for identifying [[computer security]] [[Threat (computer)\|threats]].<ref>{{cite journal \|last1=Kohnfelder \|first1=Loren \|last2=Garg \|first2=Praerit \|title=The threats to our products \|journal=Microsoft Interface \|date=April 1, 1999 \|url=https://adam.shostack.org/microsoft/The-Threats-To-Our-Products.docx \|accessdate=18 August 2018}}</ref> It provides a [[mnemonic]] for security threats in six categories.<ref>{{cite web\|title=The STRIDE Threat Model\|url=https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx\|website=Microsoft\|publisher=Microsoft}}</ref>

	The threats are:		The threats are:

Revision as of 18:53, 31 July 2021

Notes on the threats

See also

References

External links