S.T.R.I.D.E. - Salem73616C656D/reading-notes GitHub Wiki
Key Takeaways
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
STRIDE:
- A threat modeling framework that is used to help identify blind spots in your application's security.
Spoofing:
- A major area of concern is network security, as much of our connected devices are dependent upon trusting the identity of other devices. In these systems, passwords, keys, tokens, and signatures are among the methods used to authenticate requests. The level of vulnerability varies based on the method.
Tampering:
- Often, data tampering coincides with other potential threats. For example, data may be altered to spoof access, or data tampering could be caused by artificially-elevated privileges. Further, data tampering may cover the tracks of other vulnerabilities, such as overwriting log files that would show how the system was accessed.
Repudiation:
- Repudiation threats take aim at your auditing and tracing, ensuring that bad behavior cannot be proven. Secure systems should build in non-repudiation mechanisms, such that the data source and the data itself can be trusted. For this reason, repudiation is intertwined with other elements of the STRIDE framework. For example, tampered logs or a spoofed account both could lead to the user denying wrongdoing.
Information Disclosure:
- Underlying the security threats mentioned so far is data exposure. Any system that stores or accesses private information may accidentally disclose it. There are any number of methods that can be used to access private data. These disclosures can impact a single user, multiple people, or be specific to a business itself.
Denial of Service:
- Another security threat from the technical news, a denial of service makes a system unreachable by exploiting resources so they can’t be used for legitimate purposes. In networking, this can mean overloading a system with incoming requests, making it impossible for users to connect.
Elevation of Privilege:
- A sophisticated elevation of privilege attack may use all of the other areas of STRIDE for an especially outsized impact. With admin access, the attacker may be able to tamper with systems outside of the typical interfaces. The lack of audit trail could cause both repudiation and information disclosure without any trace. Of course, as mentioned in the previous section, more privileges likely translate to greater resources for a denial of service.
Vocabulary
No new vocabulary
Conclusion
Now that you know the six areas to evaluate, put it into practice. When you begin new projects, proactively consider how STRIDE applies. Either by yourself or with your team, evaluate how each area could be exploited, then plan the steps to limit each threat.
source: ockam.io