Microsoft Threat Modeling System "STRIDE"


STRIDE is a Microsoft threat modeling system. Essentially, STRIDE is a mnemonic for six categories used to classify threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. You have to know first of all that STRIDE is by no means the official threat modeling system over at the Redmond company. In fact, David LeBlanc, a senior technologist for Microsoft's network security group, revealed that it's quite the other way around. STRIDE has been documented by both LeBlanc and another Microsoft security guru, Michael Howard, but Microsoft does not rely on the system all that much.

"We're NOT using this internally very much. This is NOT how MSRC does things. This is just something I sorted out on my own, and hope it is helpful to you. Warning! Do NOT apply this system, or any other system, without THINKING about it," LeBlanc stated, adding that "this system may or may not help you arrive at the right conclusion, and if it does not, consider worth what you paid to get it, which is zero."

"Essentially the idea is that you can classify all your threats according to one of the 6 STRIDE categories. Since each category has a specific set of potential mitigations, once you've analyzed the threats and categorized them, you should know how to mitigate them. A caveat, STRIDE is not a rigorous classification mechanism - there's a ton of overlap between the various categories (a successful Elevation of Privilege attack could result in Tampering of data, for instance). But it doesn't change the fact that it's an extremely useful mechanism for analyzing threats to a system," commented Senior Software Development Engineer Larry Osterman.

Spoofing refers to an attacker masquerading as another principal, whether a user, a process or a host; DNS hijacking, which lets an attacker pose as a legitimate organization's site, is one common example. Tampering is the unauthorized modification of data, whether in transit (altering a TCP stream, for instance) or at rest in a file or database. Repudiation designates denying having authored an event, such as a financial transaction, when the system cannot prove otherwise.

Information disclosure is a pretty self-explanatory category: it covers anything that gives an attacker access to confidential data. Denial of service covers scenarios where an attack degrades, or completely blocks, access to a service. Elevation of privilege is associated with buffer overflows because a successful one typically lets the attacker run code with the victim process's rights, but the category covers any way an attacker gains capabilities beyond those granted, such as administrative-level privileges on a machine. Each category maps to the security property it violates: authentication, integrity, non-repudiation, confidentiality, availability and authorization, respectively.
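To make the classify-then-mitigate idea concrete, here is an added example (not code from the article, Microsoft, or LeBlanc) that runs a STRIDE pass over a tiny data-flow diagram. It assumes the later STRIDE-per-element practice, in which external entities are exposed to Spoofing and Repudiation, processes to all six categories, and data stores and data flows to Tampering, Information Disclosure and Denial of Service (plus Repudiation for a store that holds audit logs); that applicability table, the decision to skip flows that stay inside one trust boundary, the sample elements and the mitigation strings are all assumptions of this example, not statements from the article.

```python
"""
STRIDE-per-element pass over a tiny data-flow diagram.

Added example, not from the article: given the elements of a DFD, emit the
STRIDE categories that apply to each one together with the security property
at stake and generic mitigations. The applicability table is the
STRIDE-per-element variant (an assumption not stated in the article).
"""
from collections import Counter
from dataclasses import dataclass
from enum import Enum


class Kind(Enum):
    EXTERNAL = "external entity"
    PROCESS = "process"
    STORE = "data store"
    FLOW = "data flow"


@dataclass(frozen=True)
class Element:
    name: str
    kind: Kind
    crosses_trust_boundary: bool = True   # only meaningful for flows
    holds_audit_log: bool = False         # only meaningful for stores


@dataclass(frozen=True)
class Threat:
    element: str
    letter: str
    category: str
    violated_property: str
    mitigations: tuple


# Category letter -> (name, property it violates, generic mitigations).
CATEGORIES = {
    "S": ("Spoofing", "authentication",
          ("authenticate every principal (mTLS, signed session tokens)",
           "never trust caller-supplied identity fields")),
    "T": ("Tampering", "integrity",
          ("MACs or signatures on data in transit and at rest",
           "TLS for flows, ACLs and integrity checks on stores")),
    "R": ("Repudiation", "non-repudiation",
          ("signed, append-only audit log",
           "time-stamped events attributable to an authenticated principal")),
    "I": ("Information disclosure", "confidentiality",
          ("encrypt in transit and at rest", "least-privilege access to data")),
    "D": ("Denial of service", "availability",
          ("rate limiting and quotas", "input size limits and back-pressure")),
    "E": ("Elevation of privilege", "authorization",
          ("authorization checks on every entry point",
           "sandboxing and least privilege for processes")),
}

# Which categories apply to which element kind (assumed per-element table).
APPLICABLE = {
    Kind.EXTERNAL: "SR",
    Kind.PROCESS: "STRIDE",
    Kind.STORE: "TID",   # plus R when the store is an audit log
    Kind.FLOW: "TID",
}


def enumerate_threats(elements):
    """Return one Threat per (element, applicable category) pair."""
    threats = []
    for e in elements:
        if e.kind is Kind.FLOW and not e.crosses_trust_boundary:
            continue  # flows inside a single trust boundary are out of scope here
        letters = APPLICABLE[e.kind]
        if e.kind is Kind.STORE and e.holds_audit_log:
            letters += "R"  # attackers alter logs to repudiate their actions
        for letter in letters:
            name, prop, mitigations = CATEGORIES[letter]
            threats.append(Threat(e.name, letter, name, prop, mitigations))
    return threats


def count_by_category(threats):
    """Histogram of threats per STRIDE letter, handy for a summary table."""
    return dict(Counter(t.letter for t in threats))


# Constructed sample DFD: a browser talking to a web app backed by a database.
SAMPLE_DFD = [
    Element("Browser", Kind.EXTERNAL),
    Element("Web app", Kind.PROCESS),
    Element("Orders DB", Kind.STORE),
    Element("Browser -> Web app", Kind.FLOW, crosses_trust_boundary=True),
    Element("Web app -> Orders DB", Kind.FLOW, crosses_trust_boundary=False),
]


if __name__ == "__main__":
    for t in enumerate_threats(SAMPLE_DFD):
        print(f"{t.element:22} {t.letter} {t.category:24} ({t.violated_property})")
        for m in t.mitigations:
            print(f"{'':24}   - {m}")
```

The output is a threat list with a starting mitigation for each row, which is exactly the step Osterman describes: once a threat is in a category, the mitigation family follows. Note the overlap he warns about is visible here too; the Elevation of Privilege row on the web app and the Tampering row on the database are often the same attack seen from two sides.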


Source: Softpedia