Threat Modelling - Using Microsoft STRIDE Model

When reviewing the security posture of any application or system, it is important to consider the threats that the system is exposed to. This is where threat modelling comes in. Threat modelling is a process of identifying, quantifying and prioritising threats to a system. It is a structured approach to identifying and evaluating potential threats and vulnerabilities. It is a proactive approach to security and helps to identify threats early in the development lifecycle.

A good threat model can help answer the following questions:

  • How can an attacker change the authentication data?
  • What is the impact if an attacker can read the user profile data?
  • What happens if access is denied to the user profile database?

STRIDE is a powerful security threat modeling approach developed by Microsoft. It helps developers and architects identify and mitigate potential security vulnerabilities in software applications.

What is the STRIDE Model:

STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. • It’s a mnemonic that helps remember the primary threat categories.

Components of STRIDE:

Spoofing: Identity theft or impersonation attacks

  • Prevention: strong authentication and secure communication protocols.

Tampering: Unauthorized modification of data or code

  • Prevention: data integrity checks, secure coding practices, and input validation

Repudiation: Disputing the authenticity of an action or transaction

  • Prevention: detailed logging, secure audit trails, and non-repudiation mechanisms

Information Disclosure: Unauthorized access to sensitive data

  • Prevention: encryption, access controls, and data classification

Denial of Service (DoS): Disruption of services or system availability

  • Prevention: traffic monitoring, rate limiting, and redundancy planning

Elevation of Privilege: Gaining unauthorized privileges to perform restricted actions

  • Prevention: principle of least privilege, role-based access control, and secure system configuration

When to apply STRIDE in Software Development:

  • Threat modeling during the design phase
  • Regular security reviews and code audits
  • Incorporating secure coding practices, including security game days
  • Integrating security testing into the development process
  • Continuous training and education for developers

An example template for STRIDE:


Source: https://github.com/OWASP/threat-model-cookbook/blob/master/Template/BLANK/BLANK-draw.io.onepager.xml.pdf

An example DFD of a web application on cloud:


Up next WCAG - Notes Notes on Python
Latest posts Refactor react code to use state store instead of multiple useState hooks Notes on Python Threat Modelling - Using Microsoft STRIDE Model WCAG - Notes Flutter CI/CD with Azure Devops & Firebase - iOS - Part 1 Flutter CI/CD with Azure Devops & Firebase - Android - Part 2 How to samples with AWS CDK A hashicorp packer project to provision an AWS AMI with node, pm2 & mongodb Some notes on Zeebe (A scalable process orchestrator) Docker-Compose in AWS ECS with EFS volume mounts Domain Driven Design Core Principles Apple Push Notifications With Amazon SNS AWS VPC Notes Building and Deploying apps using VSTS and HockeyApp - Part 3 : Windows Phone Building and Deploying apps using VSTS and HockeyApp - Part 2 : Android Building and Deploying apps using VSTS and HockeyApp - Part 1 : iOS How I diagnosed High CPU usage using Windbg WCF service NETBIOS name resolution woes The troublesome Git-Svn Marriage GTD (Getting things done) — A simplified view Javascript Refresher Sharing common connection strings between projects A simple image carousel prototype using Asp.net webforms and SignalR Simple logging with NLog Application logger SVN Externals — Share common assembly code between solutions Simple async in .net 2.0 & Winforms Clean sources Plus Console 2 — A tabbed console window