Categorizing Threats with STRIDE

It is always helpful to categorise threats in a formal way and then deal with them. Microsoft has developed a threat categorisation scheme called STRIDE, an acronym for the six categories below:

  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service (DoS)
  • Elevation of privilege

Spoofing is gaining access to the target system with a falsified identity. Once an attacker has successfully spoofed a valid identity, further attacks generally follow, such as data theft, privilege escalation or abuse of the system.

Tampering is the unauthorised modification of data, either in transit or in storage. This violates the integrity and availability properties of the CIA triad.

Repudiation is the ability of a user or attacker to deny their unauthorised actions or activities.

Information Disclosure happens when confidential or non-public data, such as customer information or financial information, is made available to entities that are not authorised to view it.

Denial of Service (DoS) is the type of attack that prevents authorised entities from using a resource. It is usually performed by flaw exploitation, connection overloading or traffic flooding. Most DoS attacks are temporary and do not always cause complete failure; usually the attack causes reduced throughput or high latency on the resource, which may make the system unusable. A permanent DoS attack, where data is destroyed or malicious software is installed, requires a full system repair to restore the service, whereas for a temporary DoS attack a simple restart, or waiting for the attack to end, will return the system to its normal state.

Elevation of privilege is the type of attack where a limited user account is transformed into a more powerful account with greater privileges and access.
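The following is an added example, not code from the original post, showing how the categorisation above can be applied formally: each element of a simple data-flow diagram is checked against the STRIDE categories that apply to its kind, producing a threat register that can then be worked through. It uses the STRIDE-per-element mapping from Microsoft's threat modelling practice (external entity, process, data flow, data store), and the sample web application it models is constructed for illustration; the element kinds, names and the `TODO` mitigation placeholder are assumptions of this example.

```python
"""Minimal STRIDE threat register generator.

Added example (not from the original post). Applies the STRIDE-per-element
mapping used in Microsoft's threat modelling practice to the elements of a
data-flow diagram. The sample system at the bottom is constructed.
"""
from dataclasses import dataclass
from enum import Enum


class Stride(Enum):
    SPOOFING = "Spoofing"
    TAMPERING = "Tampering"
    REPUDIATION = "Repudiation"
    INFO_DISCLOSURE = "Information Disclosure"
    DOS = "Denial of Service"
    EOP = "Elevation of privilege"


# Which STRIDE categories apply to each kind of data-flow-diagram element.
# Assumption: the system is modelled as a DFD with these four element kinds.
APPLICABLE = {
    "external_entity": {Stride.SPOOFING, Stride.REPUDIATION},
    "process": set(Stride),  # a process is exposed to all six categories
    "data_flow": {Stride.TAMPERING, Stride.INFO_DISCLOSURE, Stride.DOS},
    "data_store": {Stride.TAMPERING, Stride.REPUDIATION,
                   Stride.INFO_DISCLOSURE, Stride.DOS},
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # one of the APPLICABLE keys


@dataclass
class Threat:
    element: Element
    category: Stride
    mitigation: str = "TODO"  # filled in once the threat has been dealt with


def enumerate_threats(elements):
    """Return one Threat per (element, applicable STRIDE category) pair."""
    threats = []
    for el in elements:
        if el.kind not in APPLICABLE:
            raise ValueError(f"unknown element kind: {el.kind}")
        for cat in Stride:  # iterate in S-T-R-I-D-E order for stable output
            if cat in APPLICABLE[el.kind]:
                threats.append(Threat(el, cat))
    return threats


def summarize(threats):
    """Count threats per STRIDE category for a quick view of exposure."""
    counts = {cat: 0 for cat in Stride}
    for t in threats:
        counts[t.category] += 1
    return counts


def unmitigated(threats):
    """Threats not yet dealt with (mitigation still the placeholder)."""
    return [t for t in threats if t.mitigation == "TODO"]


# Constructed sample: a browser user, an API process, the request flow
# between them, and a customer database.
SAMPLE_SYSTEM = [
    Element("Browser user", "external_entity"),
    Element("Order API", "process"),
    Element("HTTPS request", "data_flow"),
    Element("Customer DB", "data_store"),
]

if __name__ == "__main__":
    register = enumerate_threats(SAMPLE_SYSTEM)
    for t in register:
        print(f"{t.element.name:15} {t.category.value:22} mitigation: {t.mitigation}")
    print("open threats:", len(unmitigated(register)))
```

For the constructed sample the register holds 15 entries: the process alone contributes six, because a process is the only element kind that can be the target of elevation of privilege. Filling in the `mitigation` field for each entry is the "deal with them" step; `unmitigated` shows what is still open.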
