STRIDE: Acronym of Threat Modeling System
Today we will discuss STRIDE. It is an acronym for a threat modeling system. It helps to classify security attacks among six different threat types.
STRIDE
In simple terms, any cyber attack can be classified as STRIDE. It is defined as:
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege
What is Spoofing?
If the hacker is able to access victim credentials by using brute force or social engineering techniques, he/she can communicate with others by impersonating the victim's account. A simple example is an attacker sending messages from the victim's account. It comes under the security attribute of Authentication. It can be mitigated by using the appropriate authentication mechanism for login into an application.
What is Tampering?
Tampering is a term defined to unauthorize change of data or code while at rest or in transit. It comes under the property of integrity. It can be mitigated by using various cryptographic algorithms to detect the integrity of data.
What is Repudiation?
Here the user can dispute the origin of sending messages. He or she can claim the messages not sent by them. It comes under the property of non-repudiation. It can be mitigated by using the digital signature for authentication and also creating audit logs for activities.
What is Information Disclosure?
If credit card information or personal details is disclosed on the internet, are some examples of information disclosure. It comes under the property of Confidentiality. It can be mitigated by using strong cryptographic algorithms for storing secret data, implementing of proper authorization mechanisms, etc.
What is Denial of Service?
A web application is not available to end users because the cyber attacker attempts to drain all server's resources. It comes under the security attribute Availability. A simple example of a Denial of Service attack is the non-availability of the website due to any reason. It can be mitigated by using network filtering and throttling techniques.
What is the Elevation of privilege?
"A normal user able to delete the account of an administrator" is a perfect example of elevation of privilege. It comes under security attribute authorization. It can be mitigated by using the principle of run users with the least privilege.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.
Nice