1.3 KiB
| title | chunk | source | category | tags | date_saved | instance |
|---|---|---|---|---|---|---|
| STRIDE model | 1/1 | https://en.wikipedia.org/wiki/STRIDE_model | reference | science, encyclopedia | 2026-05-05T11:39:20.858005+00:00 | kb-cron |
STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a threat model for identifying computer security threats. STRIDE modelling anticipates threats to the target system and builds upon an overarching model of the system often via analysis of data-flow diagrams, which may include a breakdown into processes, data stores, data flows, and trust boundaries. Developed by Praerit Garg and Loren Kohnfelder at Microsoft, it provides a mnemonic for security threats in six categories. Each STRIDE category corresponds to a core principle of information security: Authenticity, Integrity, Non-repudiability, Confidentiality, Availability and Authorization.
== See also == Attack tree – another approach to security threat modeling, stemming from dependency analysis DREAD – a classification system for security threats OWASP – an organization devoted to improving web application security through education CIA also known as AIC – another mnemonic for a security model to build security in IT systems
== References ==
== External links == Uncover Security Design Flaws Using The STRIDE Approach