STRIDE (security)


STRIDE is a model of threats developed by Praerit Garg and Loren Kohnfelder at Microsoft for identifying computer security threats. It provides a mnemonic for security threats in six categories.
The threats are:
The STRIDE was initially created as part of the process of threat modeling. STRIDE is a model of threats, used to help reason and find threats to a system. It is used in conjunction with a model of the target system that can be constructed in parallel. This includes a full breakdown of processes, data stores, data flows and trust boundaries.
Today it is often used by security experts to help answer the question "what can go wrong in this system we're working on?"
Each threat is a violation of a desirable property for a system:
ThreatDesired property
SpoofingAuthenticity
TamperingIntegrity
RepudiationNon-repudiability
Information disclosureConfidentiality
Denial of ServiceAvailability
Elevation of PrivilegeAuthorization