butterfly/kb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cd054d3437
kb/data/en.wikipedia.org/wiki/STRIDE_model-0.md

26 lines
1.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: "STRIDE model"
chunk: 1/1
source: "https://en.wikipedia.org/wiki/STRIDE_model"
category: "reference"
tags: "science, encyclopedia"
date_saved: "2026-05-05T11:39:20.858005+00:00"
instance: "kb-cron"
---
STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is a threat model for identifying computer security threats. STRIDE modelling anticipates threats to the target system and builds upon an overarching model of the system often via analysis of data-flow diagrams, which may include a breakdown into processes, data stores, data flows, and trust boundaries.
Developed by Praerit Garg and Loren Kohnfelder at Microsoft, it provides a mnemonic for security threats in six categories. Each STRIDE category corresponds to a core principle of information security: Authenticity, Integrity, Non-repudiability, Confidentiality, Availability and Authorization.
== See also ==
Attack tree another approach to security threat modeling, stemming from dependency analysis
DREAD a classification system for security threats
OWASP an organization devoted to improving web application security through education
CIA also known as AIC another mnemonic for a security model to build security in IT systems
== References ==
== External links ==
Uncover Security Design Flaws Using The STRIDE Approach
Reference in New Issue View Git Blame Copy Permalink