my-server

← Wiki Redirected from STRIDE (security)

STRIDE model

STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a threat model for identifying computer security threats. STRIDE modelling anticipates threats to the target system and builds upon an overarching model of the system often via analysis of data-flow diagrams, which may include a breakdown into processes, data stores, data flows, and trust boundaries.

Developed by Praerit Garg and Loren Kohnfelder at Microsoft, it provides a mnemonic for security threats in six categories. Each STRIDE category corresponds to a core principle of information security: Authenticity, Integrity, Non-repudiability, Confidentiality, Availability and Authorization.

See also

Attack tree Ã¢ÂÂ another approach to security threat modeling, stemming from dependency analysis
DREAD Ã¢ÂÂ a classification system for security threats
OWASP Ã¢ÂÂ an organization devoted to improving web application security through education
CIA also known as AIC Ã¢ÂÂ another mnemonic for a security model to build security in IT systems

References

External links

Uncover Security Design Flaws Using The STRIDE Approach