STRIDE is an easy-to-use threat modeling methodology developed by Microsoft. STRIDE helps in identifying threats and is an abbreviation for the following terms:
- S—spoofing: Threats in the spoofing category include an adversary creating and exploiting confusion about the identity of someone or something.
For example, an adversary sends an email to a user pretending to be someone else.
- T—tampering: A tampering threat involves an adversary modifying data, either at rest in storage or in transit over the network.
For example, an adversary intercepts network packets, changes payment information, and forwards them to the target.
- R—repudiation: Repudiation involves an adversary performing a certain action and then later denying having performed the action.
For example, an adversary sends a threatening email to the victim and later denies sending the email.
- I—information disclosure: Information disclosure threats involve an adversary gaining unauthorized access to confidential information.
For example, an adversary gains a user's password using a brute-force attack.
An adversary gains access to a database containing payment information for many users.
- D—denial of service: A denial of service threat involves denying legitimate users access to systems or components.
For example, an adversary causes a web server to crash by sending a specially crafted TCP packet, thereby denying access to legitimate end users.
- E—elevation of privilege: An elevation of privilege threat involves a user or a component gaining access to data or programs for which they are not authorized.
For example, an adversary who is not even authorized for read access to a file is able to modify it.
An adversary with a normal (non-privileged) account is able to perform administrator-level tasks.
The preceding threat categories can be applied to each component of the target model. The individual threats found are then grouped by category, as shown in the following table:
| STRIDE category | Threat example |
|---|---|
| Spoofing | An attacker impersonating an administrator and sending phishing mails to all users in the organization. |
| Tampering | An attacker intercepting and modifying the data sent to and from the application. |
| Repudiation | An attacker sending a threatening email and later denying having sent it. |
| Information disclosure | An attacker gaining access to a database containing user credentials in plain text. |
| Denial of service | An attacker sending a huge number of packets from multiple sources to a single target in order to bring it down. |
| Elevation of privilege | An attacker exploiting a vulnerable component to escalate privileges. |
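The step of applying the categories to each component is what Microsoft's SDL practice calls STRIDE-per-element: external entities are checked for S and R, processes for all six letters, data stores for T, R, I and D, and data flows for T, I and D. The following script is an added example, not code from the original text; it encodes that mapping and runs it over a small constructed model (a browser, a web application, a payment database and the HTTPS flow between browser and application) together with the mitigations assumed to be in the design, so that the open threats fall out as a list instead of being collected by hand.

```python
"""STRIDE-per-element threat enumeration over a small data-flow model.

Added example. The element types and the letter-per-element mapping follow
Microsoft's SDL threat-modeling practice; the sample system and its
mitigations below are constructed for illustration.
"""
from dataclasses import dataclass, field
from enum import Enum


class ElementType(Enum):
    EXTERNAL_ENTITY = "external entity"
    PROCESS = "process"
    DATA_STORE = "data store"
    DATA_FLOW = "data flow"


# STRIDE categories considered for each kind of diagram element.
# (Repudiation on a data store matters mainly where the store is a log.)
STRIDE_PER_ELEMENT = {
    ElementType.EXTERNAL_ENTITY: "SR",
    ElementType.PROCESS: "STRIDE",
    ElementType.DATA_STORE: "TRID",
    ElementType.DATA_FLOW: "TID",
}

CATEGORY_NAMES = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass
class Element:
    name: str
    kind: ElementType
    # Mitigations already present in the design, keyed by STRIDE letter.
    mitigations: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Threat:
    element: str
    category: str  # single STRIDE letter
    mitigated: bool


def enumerate_threats(elements):
    """Apply the STRIDE-per-element mapping to every element in the model."""
    threats = []
    for el in elements:
        for letter in STRIDE_PER_ELEMENT[el.kind]:
            threats.append(Threat(el.name, letter, letter in el.mitigations))
    return threats


def unmitigated(threats):
    """Threats with no mitigation recorded in the design."""
    return [t for t in threats if not t.mitigated]


# Constructed sample model: a browser talking to a web app that stores payment data.
SAMPLE_MODEL = [
    Element("Customer browser", ElementType.EXTERNAL_ENTITY,
            {"S": "password plus MFA at login"}),
    Element("Web application", ElementType.PROCESS,
            {"E": "request handlers run as an unprivileged service account"}),
    Element("Payment DB", ElementType.DATA_STORE,
            {"I": "card numbers encrypted at rest", "R": "append-only audit log"}),
    Element("Browser -> Web app (HTTPS)", ElementType.DATA_FLOW,
            {"T": "TLS 1.2 or later", "I": "TLS 1.2 or later"}),
]


if __name__ == "__main__":
    for t in enumerate_threats(SAMPLE_MODEL):
        status = "mitigated" if t.mitigated else "OPEN"
        print(f"{t.element:32} {CATEGORY_NAMES[t.category]:24} {status}")
```

Each `OPEN` row is a question for the design review rather than a confirmed vulnerability: for example, the customer browser shows repudiation as open because nothing in the constructed model records which user took an action, and the web application shows spoofing as open because the model names no mechanism by which the browser authenticates the server. Substituting the real components of a system for `SAMPLE_MODEL` turns the table in the text into a checklist that can be regenerated whenever the design changes.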