{{Short description|Model for identifying computer security threats}} '''STRIDE''' (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a threat model for identifying computer security threats.<ref>{{Cite journal |last=Kohnfelder |first=Loren |last2=Garg |first2=Praerit |date=April 1, 1999 |title=The threats to our products |url=https://shostack.org/files/microsoft/The-Threats-To-Our-Products.docx |journal=Microsoft Interface |accessdate=13 April 2021}}</ref> STRIDE modelling anticipates threats to the target system and builds upon an overarching model of the system often via analysis of data-flow diagrams, which may include a breakdown into processes, data stores, data flows, and trust boundaries.<ref>{{Cite book |last=Shostack |first=Adam |title=Threat Modeling: Designing for Security |date=2014 |publisher=Wiley |isbn=978-1118809990 |pages=61–64}}</ref>

Developed by Praerit Garg and Loren Kohnfelder at Microsoft,<ref>{{Cite web |last=Shostack |first=Adam |date=27 August 2009 |title="The Threats To Our Products" |url=https://web.archive.org/web/20180818182151/https://cloudblogs.microsoft.com/microsoftsecure/2009/08/27/the-threats-to-our-products/ |accessdate=18 August 2018 |website=Microsoft SDL Blog |publisher=Microsoft}}</ref><ref>{{Cite book |last=Guzman |first=Aaron |title=IoT Penetration Testing Cookbook: Identify Vulnerabilities and Secure your Smart Devices |last2=Gupta |first2=Aditya |publisher=Packt Publishing |year=2017 |isbn=978-1-78728-517-0 |pages=34–35}}</ref> it provides a mnemonic for security threats in six categories.<ref>{{Cite web |title=The STRIDE Threat Model |url=https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx |website=Microsoft |publisher=Microsoft}}</ref> Each STRIDE category corresponds to a core principle of information security: Authenticity, Integrity, Non-repudiability, Confidentiality, Availability and Authorization.

== See also == * Attack tree – another approach to security threat modeling, stemming from dependency analysis * DREAD – a classification system for security threats * OWASP – an organization devoted to improving web application security through education * CIA also known as AIC<ref>{{Cite web| url=https://www.tripwire.com/state-of-security/security-data-protection/key-ot-cybersecurity-challenges-availability-integrity-confidentiality/ |title=Key OT Cybersecurity Challenges: Availability, Integrity and Confidentiality| access-date=2022-07-20| website=tripwire.com |language=en}}</ref><ref>{{Cite web |title=What is the CIA Triad? Definition, Explanation and Examples |url=https://www.techtarget.com/whatis/definition/Confidentiality-integrity-and-availability-CIA |access-date=2022-05-01 |website=WhatIs.com |language=en}}</ref> – another mnemonic for a security model to build security in IT systems

==References== {{Reflist}}

== External links == * [https://web.archive.org/web/20070303103639/http://msdn.microsoft.com/msdnmag/issues/06/11/ThreatModeling/default.aspx Uncover Security Design Flaws Using The STRIDE Approach]

Category:Computer security models {{comp-sci-stub}}