STRIDE is a commonly used threat modeling methodology that was created by Microsoft. STRIDE is an acronym that represents six categories of threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Each letter refers to a class of threats that security professionals should consider when assessing the risks to a system.
Spoofing refers to threats where attackers masquerade as another entity, such as pretending to be a trusted user, administrator, or other system. Spoofing threats aim to achieve unauthorized access or influence by assuming a false identity. Examples include phishing emails, fraudulent websites, and Man-in-the-Middle attacks. Threat modelers should consider how an attacker could spoof or impersonate legitimate users, devices, or processes within the system.
Tampering addresses threats where an attacker modifies data to expose vulnerabilities or affect operational integrity. Tampering threats aim to undermine the system through unauthorized changes. Data, system software, communication channels, stored procedures, or APIs could potentially be altered maliciously. Threat modelers should look at where an attacker could inject malicious code, modify transaction details, overwrite files, or adjust configuration settings.
Repudiation refers to threats where attackers can deny performing an action in the system after its occurrence. For example, a malicious actor conducts unauthorized transactions but is later able to deny knowledge or involvement. Threat modelers should contemplate how an adversary could execute prohibited operations without being held accountable – are proper logs, authentication, and non-repudiation mechanisms implemented?
Information Disclosure encompasses threats involving unauthorized exposure of confidential information such as account credentials, sensitive documents, transaction records, or personal details. Disclosure threatens the privacy, integrity and trust of the system. Modelers should pinpoint where secret data is stored or transmitted and how an adversary may be able to steal, copy, peek, eavesdrop on, or sniff such information.
Denial of Service (DoS) covers threats that attempt to prevent legitimate access by exhausting or overloading resources such as CPU, memory, disk, or network bandwidth. DoS incidents aim to crash, freeze, or severely degrade system performance. Modelers need to consider entry points that attackers could flood with traffic to induce an outage and impact availability.
Elevation of Privilege involves threats where adversaries exploit vulnerabilities to gain unauthorized high-level control over the system, often starting with some initial lower access. Elevation threatens proper segregation of duties. Threat modelers must analyze default configurations and access-change procedures for potential weaknesses that enable privilege escalation.
When conducting a STRIDE analysis, modelers will identify potential threats within each category that are relevant to the system design and operational environment. They assess the risk level of each threat by considering its impact and likelihood. Mitigations can then be developed to strengthen security by reducing vulnerability impact and attack probability. Additional analysis involves identifying threats across multiple STRIDE categories that share common underlying flaws or entry points. STRIDE provides a structured yet flexible framework for holistically analyzing a wide spectrum of threats facing information systems.
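The analysis steps above can be kept in a small threat register. The following Python sketch is an added example, not part of the original text: the web-shop entries are constructed, and the 1 to 5 scales and the impact × likelihood score are assumptions chosen for illustration. It ranks threats by risk, finds entry points that attract several STRIDE categories, and lists categories nobody has recorded yet.

```python
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum

Stride = Enum("Stride", "SPOOFING TAMPERING REPUDIATION INFORMATION_DISCLOSURE "
                        "DENIAL_OF_SERVICE ELEVATION_OF_PRIVILEGE")

@dataclass(frozen=True)
class Threat:
    entry_point: str   # where the threat enters the system
    category: Stride
    description: str
    impact: int        # assumed scale: 1 (minor) .. 5 (severe)
    likelihood: int    # assumed scale: 1 (rare) .. 5 (expected)

    @property
    def risk(self) -> int:
        return self.impact * self.likelihood  # assumed scoring rule

# Constructed register for a hypothetical web shop.
REGISTER = [
    Threat("login form", Stride.SPOOFING, "phished credentials accepted", 4, 4),
    Threat("login form", Stride.DENIAL_OF_SERVICE, "endpoint flooded with requests", 3, 3),
    Threat("login form", Stride.REPUDIATION, "failed logins not logged", 2, 4),
    Threat("order API", Stride.TAMPERING, "price field modified in transit", 5, 2),
    Threat("order API", Stride.ELEVATION_OF_PRIVILEGE, "customer token accepted on admin route", 5, 3),
    Threat("backup bucket", Stride.INFORMATION_DISCLOSURE, "backups readable without authentication", 5, 2),
]

def prioritise(threats):
    """Return threats ordered from highest to lowest risk score."""
    return sorted(threats, key=lambda t: t.risk, reverse=True)

def shared_entry_points(threats):
    """Entry points hit by more than one STRIDE category, with those categories."""
    by_entry = defaultdict(set)
    for t in threats:
        by_entry[t.entry_point].add(t.category)
    return {ep: cats for ep, cats in by_entry.items() if len(cats) > 1}

def uncovered_categories(threats):
    """STRIDE categories with no recorded threat: a prompt to look again."""
    return set(Stride) - {t.category for t in threats}

if __name__ == "__main__":
    for t in prioritise(REGISTER):
        print(f"{t.risk:>2}  {t.category.name:<24} {t.entry_point}: {t.description}")
    print("shared:", {ep: sorted(c.name for c in cats)
                      for ep, cats in shared_entry_points(REGISTER).items()})
```

An entry point that appears in `shared_entry_points` is a candidate for a single mitigation that reduces several threats at once, which is the cross-category analysis the paragraph describes.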
STRIDE has proven particularly useful when applied early during the design phase, before significant resources have been committed to implementation. Addressing security risks up-front helps prevent vulnerabilities and enables more cost-effective remedies. STRIDE also facilitates communication between developers, security professionals and other stakeholders by describing threats in business-focused terms. While no analysis is comprehensive, following the STRIDE methodology guides examiners to consider a broad set of threat types that could potentially harm confidentiality, integrity, or availability. Regular reassessment as systems evolve ensures changing risks are identified and mitigated. Overall, STRIDE offers a standardized yet adaptive approach for building more robust defenses against cyber adversaries.