STRIDE: Acronym of Threat Modeling System


Today we will discuss STRIDE, an acronym used in threat modeling. It classifies security threats into six different threat types.

In simple terms, any cyber attack can be classified under one of the STRIDE categories:

  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege

What is Spoofing?

If an attacker obtains a victim's credentials, for example through brute force or a social engineering technique, he or she can communicate with others while impersonating the victim's account. A simple example is an attacker sending messages from the victim's account. Spoofing falls under the security attribute of Authentication. It can be mitigated by using an appropriate authentication mechanism for logging in to the application.

What is Tampering?

Tampering is the unauthorized modification of data or code, whether at rest or in transit. It falls under the property of Integrity. It can be mitigated by using cryptographic algorithms to protect the data.

What is Repudiation?

Here a user disputes having sent messages, claiming that the messages were not sent by them. It falls under the property of Non-repudiation. It can be mitigated by using digital signatures for authentication and by creating audit logs of user activities.

What is Information Disclosure?

Credit card information or personal details being exposed on the internet are examples of information disclosure. It falls under the property of Confidentiality. It can be mitigated by using strong cryptographic algorithms to store secret data, implementing proper authorization mechanisms, etc.

What is Denial of Service?

A web application becomes unavailable to end users because an attacker attempts to drain all of the server's resources. It falls under the security attribute of Availability. The simplest example of a Denial of Service attack is a website being unavailable for any reason. It can be mitigated by using network filtering and throttling techniques.

What is Elevation of Privilege?

“A normal user is able to delete the account of an administrator” is a perfect example of elevation of privilege. It falls under the security attribute of Authorization. It can be mitigated by applying the principle of least privilege: run users with the fewest privileges they need.
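To show how the six categories are applied in practice, here is an added example (not from the original article) that models the messaging application used above as a small data-flow diagram and enumerates the applicable threats for each element, together with the violated property and the mitigation class from the article. It assumes the standard STRIDE-per-element table (which threat types apply to external entities, processes, data stores and data flows); the element names are constructed.

```python
from dataclasses import dataclass
from enum import Enum


class Kind(Enum):
    EXTERNAL = "external entity"
    PROCESS = "process"
    STORE = "data store"
    FLOW = "data flow"


@dataclass(frozen=True)
class Element:
    name: str
    kind: Kind


# STRIDE letter -> (threat, violated security property, mitigation class), as described in the article.
STRIDE = {
    "S": ("Spoofing", "Authentication", "strong authentication"),
    "T": ("Tampering", "Integrity", "cryptographic integrity protection"),
    "R": ("Repudiation", "Non-repudiation", "digital signatures and audit logs"),
    "I": ("Information Disclosure", "Confidentiality", "encryption and authorization"),
    "D": ("Denial of Service", "Availability", "network filtering and throttling"),
    "E": ("Elevation of Privilege", "Authorization", "least privilege"),
}

# STRIDE-per-element (assumed standard table): which threat types apply to each kind of element.
APPLICABLE = {
    Kind.EXTERNAL: "SR",
    Kind.PROCESS: "STRIDE",
    Kind.STORE: "TRID",
    Kind.FLOW: "TID",
}


def enumerate_threats(elements):
    """Return one (element, threat, violated property, mitigation) row per applicable threat type."""
    rows = []
    for el in elements:
        for letter in APPLICABLE[el.kind]:
            threat, prop, mitigation = STRIDE[letter]
            rows.append((el.name, threat, prop, mitigation))
    return rows


# Constructed model of the article's example: a user sends messages through a web application.
MESSAGING_APP = [
    Element("User", Kind.EXTERNAL),
    Element("User -> Web app (HTTPS)", Kind.FLOW),
    Element("Web app", Kind.PROCESS),
    Element("Message store", Kind.STORE),
]

if __name__ == "__main__":
    for name, threat, prop, mitigation in enumerate_threats(MESSAGING_APP):
        print(f"{name:26} {threat:24} violates {prop:16} -> {mitigation}")
```

Running the script lists 15 candidate threats for the four elements; each row is a question to answer in the threat model (is the threat real here, and which mitigation covers it?), not a confirmed vulnerability.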


If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.
