Top Qs
Timeline
Chat
Perspective

STRIDE model

Model for identifying computer security threats From Wikipedia, the free encyclopedia

Remove ads

STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a threat model for identifying computer security threats.[1] STRIDE modelling anticipates threats to the target system and builds upon an overarching model of the system, which may include a full breakdown of processes, data stores, data flows, and trust boundaries.[2]

Developed by Praerit Garg and Loren Kohnfelder at Microsoft,[3][4] it provides a mnemonic for security threats in six categories.[5] Each STRIDE category corresponds to a core principle of information security: Authenticity, Integrity, Non-repudiability, Confidentiality, Availability and Authorization.

Remove ads

See also

  • Attack tree – another approach to security threat modeling, stemming from dependency analysis
  • DREAD – a classification system for security threats
  • OWASP – an organization devoted to improving web application security through education
  • CIA also known as AIC[6][7] – another mnemonic for a security model to build security in IT systems

References

Loading related searches...

Wikiwand - on

Seamless Wikipedia browsing. On steroids.

Remove ads