STRIDE (security)
STRIDE is a system developed by Microsoft for classifying computer security threats. It provides a mnemonic for security threats in six categories.
The threat categories are:
- Spoofing of user identity
- Tampering
- Repudiation
- Information disclosure (privacy breach or data leak)
- Denial of Service (D.o.S.)
- Elevation of privilege
The STRIDE name comes from the initials of the six threat categories listed. It was initially proposed for threat modeling, but is now used more broadly.