STRIDE model

From Wikipedia, the free encyclopedia

Model for identifying computer security threats

STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a threat model for identifying computer security threats.[1] STRIDE modelling anticipates threats to the target system and builds upon an overarching model of the system, which may include a full breakdown of processes, data stores, data flows, and trust boundaries.[2]

Developed by Praerit Garg and Loren Kohnfelder at Microsoft,[3][4] it provides a mnemonic for security threats in six categories.[5] Each STRIDE category corresponds to a core principle of information security: Authenticity, Integrity, Non-repudiability, Confidentiality, Availability and Authorization.
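The following added example (not part of the original article) walks a small system model of processes, data stores, data flows and trust zones, and lists the candidate STRIDE threats for each element together with the property each one violates, putting elements that touch a trust boundary first. The per-element applicability chart and the sample model names are assumptions that do not come from the article.

```python
from dataclasses import dataclass

# STRIDE category -> violated property, as listed in the article.
PROPERTY = {
    "Spoofing": "Authenticity", "Tampering": "Integrity",
    "Repudiation": "Non-repudiability", "Information disclosure": "Confidentiality",
    "Denial of service": "Availability", "Elevation of privilege": "Authorization",
}
BY_LETTER = {name[0]: name for name in PROPERTY}  # "S" -> "Spoofing", ...

# Assumption (not from the article): the STRIDE-per-element chart used in
# Microsoft SDL practice. Repudiation on data stores (log stores) is left out.
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TID", "data_flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # key of APPLICABLE
    zone: str   # trust zone; a zone change between two elements is a trust boundary

@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element

def crosses_boundary(flow):
    return flow.src.zone != flow.dst.zone

def enumerate_threats(elements, flows):
    """Rows of (target, category, property, at_boundary), boundary rows first."""
    rows = []
    for e in elements:
        at_boundary = any(crosses_boundary(f) for f in flows if e in (f.src, f.dst))
        rows += [(e.name, BY_LETTER[c], PROPERTY[BY_LETTER[c]], at_boundary)
                 for c in APPLICABLE[e.kind]]
    for f in flows:
        rows += [(f.name, BY_LETTER[c], PROPERTY[BY_LETTER[c]], crosses_boundary(f))
                 for c in APPLICABLE["data_flow"]]
    return sorted(rows, key=lambda r: not r[3])  # stable: keeps model order

# Constructed sample model (hypothetical names).
user = Element("user", "external_entity", "internet")
api = Element("api", "process", "app")
worker = Element("worker", "process", "app")
db = Element("db", "data_store", "app")
ELEMENTS = [user, api, worker, db]
FLOWS = [Flow("request", user, api), Flow("job", api, worker), Flow("write", worker, db)]

if __name__ == "__main__":
    for row in enumerate_threats(ELEMENTS, FLOWS):
        print("%-8s %-24s %-18s %s" % (row[0], row[1], row[2], "BOUNDARY" if row[3] else ""))
```

Each output row is a prompt for review rather than a finding: the reviewer decides whether the threat is credible for that element and which mitigation addresses it.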

  1. Kohnfelder, Loren; Garg, Praerit (April 1, 1999). "The threats to our products". Microsoft Interface. Retrieved 13 April 2021.
  2. Shostack, Adam (2014). Threat Modeling: Designing for Security. Wiley. pp. 61–64. ISBN 978-1118809990.
  3. Shostack, Adam (27 August 2009). "The Threats To Our Products". Microsoft SDL Blog. Microsoft. Retrieved 18 August 2018.
  4. Guzman, Aaron; Gupta, Aditya (2017). IoT Penetration Testing Cookbook: Identify Vulnerabilities and Secure your Smart Devices. Packt Publishing. pp. 34–35. ISBN 978-1-78728-517-0.
  5. "The STRIDE Threat Model". Microsoft.
  6. "Key OT Cybersecurity Challenges: Availability, Integrity and Confidentiality". tripwire.com. Retrieved 2022-07-20.
  7. "What is the CIA Triad? Definition, Explanation and Examples". WhatIs.com. Retrieved 2022-05-01.