STRIDE model

STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a threat model for identifying computer security threats.^[1] STRIDE modelling anticipates threats to the target system and builds upon an overarching model of the system, which may include a full breakdown of processes, data stores, data flows, and trust boundaries.^[2]

Developed by Praerit Garg and Loren Kohnfelder at Microsoft,^[3][4] it provides a mnemonic for security threats in six categories.^[5] Each STRIDE category corresponds to a core principle of information security: Authenticity, Integrity, Non-repudiability, Confidentiality, Availability and Authorization.

See also

• Attack tree – another approach to security threat modeling, stemming from dependency analysis
• DREAD – a classification system for security threats
• OWASP – an organization devoted to improving web application security through education
• CIA also known as AIC^[6][7] – another mnemonic for a security model to build security in IT systems