STRIDE is a model for identifying computer security threats developed by Praerit Garg and Loren Kohnfelder at Microsoft. It provides a mnemonic for security threats in six categories.

The threats are:

- Spoofing
- Tampering
- Repudiation
- Information disclosure (privacy breach or data leak)
- Denial of service
- Elevation of privilege

STRIDE was initially created as part of the process of threat modeling. STRIDE is a model of threats, used to help reason about and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows, and trust boundaries.

Today it is often used by security experts to help answer the question "what can go wrong in this system we're working on?"

Each threat is a violation of a desirable property for a system:

| Threat | Desired property | Threat Definition |
|---|---|---|
| Spoofing | Authenticity | Pretending to be something or someone other than yourself |
| Tampering | Integrity | Modifying something on disk, network, memory, or elsewhere |
| Repudiation | Non-repudiability | Claiming that you didn't do something or were not responsible; can be honest or false |
| Information disclosure | Confidentiality | Someone obtaining information they are not authorized to access |
| Denial of service | Availability | Exhausting resources needed to provide service |
| Elevation of privilege | Authorization | Allowing someone to do something they are not authorized to do |

Notes on the threats

Repudiation is unusual because it's a threat when viewed from a security perspective, and a desirable property of some privacy systems, for example, Goldberg's "Off the Record" messaging system. This is a useful demonstration of the tension that security design analysis must sometimes grapple with.

Elevation of privilege is often called escalation of privilege, or privilege escalation. They are synonymous.

See also

- Attack tree – another approach to security threat modeling, stemming from dependency analysis
- Cyber security and countermeasure
- DREAD – a classification system for security threats
- OWASP – an organization devoted to improving web application security through education
- CIA also known as AIC – another mnemonic for a security model to build security in IT systems

External links

- Uncover Security Design Flaws Using The STRIDE Approach

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.