STRIDE (security)

STRIDE is a threat classification model developed by Microsoft for thinking about computer security threats.^[1] It provides a mnemonic for security threats in six categories.^[2]

The threat categories are:

Spoofing of user identity
Tampering
Repudiation
Information disclosure (privacy breach or data leak)
Denial of service (D.o.S)
Elevation of privilege

The STRIDE was initially created as part of the process of threat modelling. STRIDE is a model of threats, used to help reason and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows and trust boundaries.^[3]

Today it is often used by security experts to help answer the question "what can go wrong in this system we're working on?"

References

↑ Morana, Marco; UcedaVelez, Tony (2011). Application threat modeling. Oxford: Wiley-Blackwell. p. 37. ISBN 978-0-470-50096-5.
↑ "The STRIDE Threat Model". Microsoft. Microsoft.
↑ Shostack (2014). Threat Modeling: Designing for Security. Wiley. pp. 61–64. ISBN 978-1118809990.

External links

Uncover Security Design Flaws Using The STRIDE Approach

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

STRIDE (security)

See also

References

External links