STRIDE model

From HandWiki
Short description: Model for identifying computer security threats

STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a threat model for identifying computer security threats.[1] STRIDE modelling anticipates threats to the target system and builds upon an overarching model of the system, which may include a full breakdown of processes, data stores, data flows, and trust boundaries.[2]

Developed by Praerit Garg and Loren Kohnfelder at Microsoft,[3][4] it provides a mnemonic for security threats in six categories.[5] Each STRIDE category corresponds to a core principle of information security: Authenticity, Integrity, Non-repudiability, Confidentiality, Availability and Authorization.

See also

  • Attack tree – another approach to security threat modeling, stemming from dependency analysis
  • DREAD – a classification system for security threats
  • OWASP – an organization devoted to improving web application security through education
  • CIA also known as AIC[6][7] – another mnemonic for a security model to build security in IT systems

References

  1. Kohnfelder, Loren; Garg, Praerit (April 1, 1999). "The threats to our products". Microsoft Interface. https://shostack.org/files/microsoft/The-Threats-To-Our-Products.docx. Retrieved 13 April 2021. 
  2. Shostack, Adam (2014). Threat Modeling: Designing for Security. Wiley. pp. 61–64. ISBN 978-1118809990. 
  3. Shostack, Adam (27 August 2009). ""The Threats To Our Products"". Microsoft. https://web.archive.org/web/20180818182151/https://cloudblogs.microsoft.com/microsoftsecure/2009/08/27/the-threats-to-our-products/. Retrieved 18 August 2018. 
  4. Guzman, Aaron; Gupta, Aditya (2017). IoT Penetration Testing Cookbook: Identify Vulnerabilities and Secure your Smart Devices. Packt Publishing. pp. 34–35. ISBN 978-1-78728-517-0. 
  5. "The STRIDE Threat Model". Microsoft. https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx. 
  6. "Key OT Cybersecurity Challenges: Availability, Integrity and Confidentiality" (in en). https://www.tripwire.com/state-of-security/security-data-protection/key-ot-cybersecurity-challenges-availability-integrity-confidentiality/. 
  7. "What is the CIA Triad? Definition, Explanation and Examples" (in en). https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA. 



Retrieved from "https://handwiki.org/wiki/index.php?title=STRIDE_model&oldid=3980834"