STRIDE (algorithm)
STRIDE is a threat modeling methodology used to identify and categorize security threats to a system. It was originally developed at Microsoft and is primarily focused on identifying threats from the perspective of an attacker. The acronym STRIDE stands for six distinct categories of threats:
- Spoofing: Impersonating another user or entity. This involves gaining unauthorized access to resources by pretending to be someone or something else.
- Tampering: Modifying data or code in an unauthorized way. This can involve changing data in transit or at rest, altering code to inject malicious functionality, or corrupting system configurations.
- Repudiation: Denying that an action took place. This occurs when a user performs an action but later denies having done so, and the system lacks the ability to prove otherwise.
- Information Disclosure: Exposing sensitive information to unauthorized individuals. This can include unintentional leakage of data, exposing system secrets, or providing unauthorized access to confidential files.
- Denial of Service (DoS): Making a system or resource unavailable to legitimate users. This can be achieved by overwhelming the system with requests, exploiting vulnerabilities to crash the system, or disrupting network connectivity.
- Elevation of Privilege: Gaining unauthorized access to resources or functionalities with higher privileges than the user is entitled to. This allows an attacker to perform actions that they should not be able to, such as accessing sensitive data or modifying system configurations.
The STRIDE methodology is typically applied after a system has been decomposed into its components and its data flows have been identified. The analyst systematically considers each component and data flow and asks how each of the six categories of threats could apply to it. This process helps to identify potential vulnerabilities and prioritize mitigation efforts. Although it originated at Microsoft, STRIDE is applicable to a wide variety of systems and architectures and is a widely recognized and widely used threat modeling technique.
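The per-element pass described above, as an added example that is not part of the original entry: a small worksheet that pairs every component and data flow with every STRIDE category and reports which pairs have not yet been considered. The three-component system, the `Worksheet` class and the recorded notes are constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import product

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information Disclosure",
    "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# Constructed sample system: the result of decomposing it into parts and flows.
COMPONENTS = ["browser", "web_app", "orders_db"]
DATA_FLOWS = [("browser", "web_app"), ("web_app", "orders_db")]

@dataclass
class Worksheet:
    elements: list
    # (element, category letter) -> analyst note; "N/A: reason" marks a deliberate skip
    findings: dict = field(default_factory=dict)

    def cells(self):
        """Every element paired with every STRIDE category."""
        return list(product(self.elements, STRIDE))

    def record(self, element, category, note):
        if (element, category) not in self.cells():
            raise KeyError(f"unknown cell: {element!r}/{category!r}")
        self.findings[(element, category)] = note

    def unanswered(self):
        """Cells nobody has considered yet: the gaps in the review."""
        return [c for c in self.cells() if c not in self.findings]

    def open_threats(self):
        """Recorded cells that describe a threat rather than a justified skip."""
        return {c: n for c, n in self.findings.items() if not n.startswith("N/A")}

def build_worksheet(components, flows):
    elements = list(components) + [f"{src}->{dst}" for src, dst in flows]
    return Worksheet(elements)

if __name__ == "__main__":
    ws = build_worksheet(COMPONENTS, DATA_FLOWS)
    ws.record("browser->web_app", "T", "Request body altered in transit; require TLS")
    ws.record("orders_db", "E", "N/A: data store exposes no code execution path")
    for element, cat in ws.unanswered()[:5]:
        print(f"How could {STRIDE[cat]} apply to {element}?")
    print(f"{len(ws.unanswered())} of {len(ws.cells())} cells still unanswered")
```

Recording a justified "N/A" instead of leaving a cell blank keeps the distinction between a category that was considered and dismissed and one that was never examined.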