STRIDE model: Difference between revisions

Content deleted Content added

Inline

Revision as of 17:04, 25 August 2018

STRIDE is a model of threats developed by Praerit Garg and Loren Kohnfelder at Microsoft^[1] for identifying computer security threats.^[2] It provides a mnemonic for security threats in six categories.^[3]

The threats are:

Spoofing of user identity
Tampering
Repudiation
Information disclosure (privacy breach or data leak)
Denial of service (D.o.S)
Elevation of privilege

The STRIDE was initially created as part of the process of threat modelling. STRIDE is a model of threats, used to help reason and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows and trust boundaries.^[4]

Today it is often used by security experts to help answer the question "what can go wrong in this system we're working on?"

Each threats is a violation of a desirable property for a system:

Threat	Desired property
Spoofing	Authenticity
Tampering	Integrity
Repudiation	Non-repudiability
Information disclosure	Confidentiality
Denial of Service	Availability
Elevation of Privilege	Authorization

Notes on the threats

Repudiation is unusual because it's a threat when viewed from a security perspective, and a desirable property of some privacy systems, for example, Goldberg's "Off the Record" messaging system. This is a useful demonstration of the tension that security design analysis must sometimes grapple with.

Elevation of Privilege is often called escalation of privilege, or privilege escalation. They are synonymous.

References

^ Shostack, Adam. ""The Threats To Our Products"". Microsoft SDL Blog. Microsoft. Retrieved 18 August 2018.
^ Kohnfelder, Loren; Garg, Praerit (April 1, 1999). "The threats to our products". Microsoft Interface. Retrieved 18 August 2018.
^ "The STRIDE Threat Model". Microsoft. Microsoft.
^ Shostack (2014). Threat Modeling: Designing for Security. Wiley. pp. 61–64. ISBN 978-1118809990.

External links

Uncover Security Design Flaws Using The STRIDE Approach

This computer science article is a stub. You can help Wikipedia by expanding it.

[1] Shostack, Adam. ""The Threats To Our Products"". Microsoft SDL Blog. Microsoft. Retrieved 18 August 2018.

[2] Kohnfelder, Loren; Garg, Praerit (April 1, 1999). "The threats to our products". Microsoft Interface. Retrieved 18 August 2018.

[3] "The STRIDE Threat Model". Microsoft. Microsoft.

[4] Shostack (2014). Threat Modeling: Designing for Security. Wiley. pp. 61–64. ISBN 978-1118809990.

[1]

[2]

[3]

[4]

Revision as of 17:03, 25 August 2018 edit Emergentchaos (talk \| contribs) 163 edits →‎Notes on the threats ← Previous edit		Revision as of 17:04, 25 August 2018 edit undo Emergentchaos (talk \| contribs) 163 edits m Fixed display of Loren's name. Next edit →
Line 1:		Line 1:
	'''STRIDE''' is a model of threats developed by Praerit Garg and [[Loren_Kohnfelder]] at Microsoft<ref>{{cite web \|last1=Shostack \|first1=Adam \|title="The Threats To Our Products" \|url=https://cloudblogs.microsoft.com/microsoftsecure/2009/08/27/the-threats-to-our-products/ \|website=Microsoft SDL Blog \|publisher=Microsoft \|accessdate=18 August 2018}}</ref> for identifying [[computer security]] [[Threat (computer)\|threats]].<ref>{{cite journal \|last1=Kohnfelder \|first1=Loren \|last2=Garg \|first2=Praerit \|title=The threats to our products \|journal=Microsoft Interface \|date=April 1, 1999 \|url=https://adam.shostack.org/microsoft/The-Threats-To-Our-Products.docx \|accessdate=18 August 2018}}</ref> It provides a [[mnemonic]] for security threats in six categories.<ref>{{cite web\|title=The STRIDE Threat Model\|url=https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx\|website=Microsoft\|publisher=Microsoft}}</ref>		'''STRIDE''' is a model of threats developed by Praerit Garg and [[Loren_Kohnfelder\|Loren Kohnfelder]] at Microsoft<ref>{{cite web \|last1=Shostack \|first1=Adam \|title="The Threats To Our Products" \|url=https://cloudblogs.microsoft.com/microsoftsecure/2009/08/27/the-threats-to-our-products/ \|website=Microsoft SDL Blog \|publisher=Microsoft \|accessdate=18 August 2018}}</ref> for identifying [[computer security]] [[Threat (computer)\|threats]].<ref>{{cite journal \|last1=Kohnfelder \|first1=Loren \|last2=Garg \|first2=Praerit \|title=The threats to our products \|journal=Microsoft Interface \|date=April 1, 1999 \|url=https://adam.shostack.org/microsoft/The-Threats-To-Our-Products.docx \|accessdate=18 August 2018}}</ref> It provides a [[mnemonic]] for security threats in six categories.<ref>{{cite web\|title=The STRIDE Threat Model\|url=https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx\|website=Microsoft\|publisher=Microsoft}}</ref>

	The threats are:		The threats are:

Revision as of 17:04, 25 August 2018

Notes on the threats

See also

References

External links