STRIDE

STRIDE is a model of threats, used to help reason and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows, and trust boundaries.

Threat	Desired property	Threat Definition
Spoofing	Authenticity	Pretending to be something or someone other than yourself
Tampering	Integrity	Modifying something on disk, network, memory, or elsewhere
Repudiation	Non-reputability	Claiming that you didn’t do something or were not responsible; can be honest or false
Information Disclosure	Confidentiality	Someone obtaining information they are not authorized to access
Denial of Service	Availability	Exhausting resources needed to provide service
Elevation of Privilege	Authorization	Allowing someone to do something they are not authorized to do

1. For each object, determine whether each STRIDE element is an applicable threat:
   • External Entity
   • Process
   • Data Flow
   • Data Store
   • etc.
2. Perform risk analysis where a STRIDE element applies
3. Evaluate which threat mitigation measures (or other ways to address the risk) could be applied
4. Make a decision and implement

^{1 2 3}

---

Relevant Note(s):

Footnotes

1. https://learn.microsoft.com/en-us/previous-versions/commerce-server/ee823878(v=cs.20) ↩

2. https://shostack.org/files/papers/modsec08/Shostack-ModSec08-Experiences-Threat-Modeling-At-Microsoft.pdf ↩

3. https://en.wikipedia.org/wiki/STRIDE_model ↩