STRIDE was developed at Microsoft by Praerit Garg and Loren Kohnfelder, and is a mnemonic for remembering categories of threats; it’s particularly useful when carrying out threat modelling activities. The categories are as follows:

  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege

Spoofing

Spoofing violates authenticity by impersonating an identity and taking advantage of the trust placed in it.

Mitigation: You can introduce authentication mechanisms to reduce risk.

Tampering

Tampering violates integrity, which is a pillar of the CIA triad. It can be observed through modification of restricted data, code, configurations, physical infrastructure, etc. Tampering can occur with data at rest, in transit, and in memory.

Mitigation: The risk of tampering can be reduced through encryption, digital signature verification, and minimising access to production systems.

Repudiation

Repudiation violates non-repudiation, meaning the evidence that something took place can be disputed: someone can claim you did something you didn’t, or claim you didn’t do something you did. With non-repudiation in place, you cannot deny what you did or didn’t do.

Mitigation: Implementing robust audit logging and removing the ability to modify or delete these logs will reduce the risk of repudiation.

Information Disclosure

Information disclosure violates confidentiality, which is another pillar of the CIA triad. It relates to obtaining data you should not have access to.

Mitigation: Implementing least privilege access or zero trust alongside encryption reduces the risks associated with information disclosure.

Denial of Service (DoS)

DoS violates availability, which is the third pillar of the CIA triad. This threat prevents legitimate users from accessing and using a system. It can be achieved by destroying data or by consuming finite resources such as network bandwidth, CPU cycles, memory, or disk space.

Mitigation: Implementing resource quotas, throttling, and least privilege access will reduce the risk of denial of service threats.

Elevation of Privilege (EoP)

EoP violates authorization, and is characterised by using existing access to perform actions that should not be allowed. An example of this within AWS is the “confused deputy” problem, where a less privileged entity tricks a more privileged entity into carrying out tasks on its behalf.

Mitigation: Implementing robust access controls and authorization checks will reduce the risk of elevation of privilege. The technical security control for mitigating a confused deputy attack in AWS is to require an external ID in the role’s trust policy for cross-account access.
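As an added example (not from the original article), here is a small Python model of how the external ID condition in a role trust policy is evaluated: the same AssumeRole request from the trusted account succeeds only when it carries the agreed external ID, while the policy without the condition honours it regardless of who asked. The account ID and the external ID are constructed placeholders, and the evaluator is a deliberate simplification of IAM policy evaluation.

```python
import json

# Constructed example trust policy; the account ID and external ID are placeholders.
TRUST_POLICY_WITH_EXTERNAL_ID = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id-123"}}
  }]
}
""")

# The weak setting: the same trust without the ExternalId condition, so any
# AssumeRole call the trusted account makes is honoured, whichever of its
# customers (or whichever attacker) talked it into making the call.
TRUST_POLICY_WITHOUT_EXTERNAL_ID = json.loads(json.dumps(TRUST_POLICY_WITH_EXTERNAL_ID))
del TRUST_POLICY_WITHOUT_EXTERNAL_ID["Statement"][0]["Condition"]


def evaluate_assume_role(policy, caller_account, external_id=None):
    """Return True when an sts:AssumeRole call from caller_account, passing
    external_id as the ExternalId parameter, is allowed by the trust policy.
    Simplified model of IAM evaluation: Allow statements, AWS account/root
    principals and the StringEquals condition on sts:ExternalId only."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if "sts:AssumeRole" not in ([actions] if isinstance(actions, str) else actions):
            continue
        principals = stmt.get("Principal", {}).get("AWS", [])
        principals = [principals] if isinstance(principals, str) else principals
        # Accept both the bare account ID and the account's root ARN form.
        allowed_accounts = {p.split(":")[4] if p.startswith("arn:") else p for p in principals}
        if caller_account not in allowed_accounts:
            continue
        required = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if required is not None and external_id != required:
            continue  # external ID missing or wrong: the condition fails
        return True
    return False
```

Calling `evaluate_assume_role(TRUST_POLICY_WITH_EXTERNAL_ID, "111111111111")` with no external ID models the tricked deputy's call and is denied, whereas the same call against `TRUST_POLICY_WITHOUT_EXTERNAL_ID` is allowed.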