Threat Modeling and STRIDE Model

By David Xiao

September 9, 2020

TLDR: This post is my collection of articles related to threat modeling and Microsoft STRIDE threat model.

What Is Threat Modeling

At a high level, threat modeling is a process of putting the “bad guy” hat on and conducting an security assessment over a system (such as a website or a mobile app) to identify and prioritize threats and mitigations.

A more complete definition can be found on Wikipedia.

There are many ways to do threat modeling. Depending on the types of system and workloads that are in scope, the applicable threats can vary a lot.

For example, threat modeling over a set of highly scalable workloads deployed on MS Azure might start from a threat library that includes portential threats relevant to Azure services in use, while assessing over a simple web application hosted on on-prem data center might start from a different set of threats relevant to host based security and OWASP Top 10.

What Is STRIDE

STRIDE is both a threat model framework and a methodology that developed and adopted in Microsoft over the years.

STRIDE stands for:

Spoofing: Impersonating something or someone else.
Tampering: Modifying data or code.
Repudiation: Claiming to have not performed an action.
Information Disclosure: Exposing information to someone not authorized to see it.
Denial of Service: Deny or degrade service to users.
Elevation of Privilege: Gain capabilities without proper authorization.