Rahul Sharma (Editor)

STRIDE (security)

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit

STRIDE is a threat classification model developed by Microsoft for thinking about computer security threats. It provides a mnemonic for security threats in six categories.

The threat categories are:

  • Spoofing of user identity
  • Tampering
  • Repudiation
  • Information disclosure (privacy breach or data leak)
  • Denial of service (D.o.S)
  • Elevation of privilege

    • The STRIDE was initially created as part of the process of threat modelling. STRIDE is a model of threats, used to help reason and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows and trust boundaries.

    Today it is often used by security experts to help answer the question "what can go wrong in this system we're working on?"

    References

    STRIDE (security) Wikipedia
    (Text) CC BY-SA