STRIDE Threat Model
| Threat | Threat Definition |
|---|---|
| Spoofing | Pretending to be something or someone other than oneself |
| Tampering | Unauthorised modification of data on disk, in network transit, in memory, or in other locations |
| Repudiation | Denying responsibility for an action or event (whether the claim is true or false) |
| Information Disclosure | Unauthorised access to or exposure of sensitive or confidential information |
| Denial of Service | Making a service unavailable by exhausting or depleting required resources |
| Elevation of Privilege | Gaining higher access rights or permissions than originally authorised |
Recommended Threat Modeling Steps
Step 1: Define security requirements
1. Define security requirements
2. Create an application diagram
3. Identify threats
4. Mitigate threats
5. Validate that threats have been mitigated
Step 2: Creating a Simple Design Representation
When applying STRIDE, create a simple representation of your design. Typically, this is done by creating a simple diagram.
- Data processes are represented with circles
- Data stores are represented with lines above and below their names (you may also see them as cylinders)
- Data flows are represented with directed lines; these include data flows over a network
- Interactors
- Trust boundaries are represented with a dashed line; these represent the border between trusted and untrusted portions.
Everything except the trust boundaries (that is, processes, data stores, data flows, and interactors) is considered an element.
The idea is to have a simple model of the design that shows the essential features. Here are some quick rules of thumb for a good representation:
- Every data store should have at least one input and at least one output (“no data coming out of thin air”).
- Only processes read or write data in data stores (“no psychokinesis”).
- Similar elements in a single trust boundary can be collapsed into one element (“make the model simple”).
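
The first two rules of thumb can be checked mechanically once the diagram is written down as data. The following is an added example, not part of the original page: the `Element` and `Flow` tuples, the `boundary` field and the sample diagram are assumptions made for illustration. It also lists the flows that cross a trust boundary.

```python
from collections import namedtuple

# kind: "process" | "data_store" | "interactor"; boundary: trust-zone label (assumed).
Element = namedtuple("Element", "name kind boundary")
Flow = namedtuple("Flow", "src dst label")

def lint_dfd(elements, flows):
    """Return (rule violations, labels of flows crossing a trust boundary)."""
    by_name = {e.name: e for e in elements}
    problems = [f"{f.label}: undefined element {end!r}"
                for f in flows for end in (f.src, f.dst) if end not in by_name]
    valid = [f for f in flows if f.src in by_name and f.dst in by_name]
    ins, outs = {f.dst for f in valid}, {f.src for f in valid}
    for e in elements:
        if e.kind != "data_store":
            continue
        # "No data coming out of thin air": a store needs an input and an output.
        if e.name not in ins:
            problems.append(f"{e.name}: data store has no input flow")
        if e.name not in outs:
            problems.append(f"{e.name}: data store has no output flow")
    for f in valid:
        src, dst = by_name[f.src], by_name[f.dst]
        # "No psychokinesis": the other end of a store flow must be a process.
        if src.kind == "data_store" and dst.kind != "process":
            problems.append(f"{f.label}: {dst.name} reads {src.name} but is not a process")
        if dst.kind == "data_store" and src.kind != "process":
            problems.append(f"{f.label}: {src.name} writes {dst.name} but is not a process")
    crossings = [f.label for f in valid
                 if by_name[f.src].boundary != by_name[f.dst].boundary]
    return problems, crossings

# Constructed sample diagram with two deliberate modelling mistakes.
ELEMENTS = [
    Element("browser", "interactor", "internet"),
    Element("web_app", "process", "datacenter"),
    Element("orders_db", "data_store", "datacenter"),
    Element("audit_log", "data_store", "datacenter"),
]
FLOWS = [
    Flow("browser", "web_app", "https request"),
    Flow("web_app", "orders_db", "sql write"),
    Flow("orders_db", "web_app", "sql read"),
    Flow("web_app", "audit_log", "log append"),   # nothing ever reads the log
    Flow("browser", "orders_db", "direct write"), # interactor touching a store
]

if __name__ == "__main__":
    print(lint_dfd(ELEMENTS, FLOWS))
```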
Step 3: Identify Threats Using STRIDE
When applying STRIDE, examine each of the elements (processes, data stores, data flows, and interactors) to determine the threats to which it is susceptible. For each element, you look for the threats as shown in this table:
| Letter | Threat | Property Violated |
|---|---|---|
| S | Spoofing Identity | Authentication |
| T | Tampering with Data | Integrity |
| R | Repudiation | Non-repudiation |
| I | Information Disclosure | Confidentiality |
| D | Denial of Service | Availability |
| E | Elevation of Privilege | Authorization |
