Security is often defined as a negative property: a system is perfectly secure whenever there is no possible way to attack it. In order to assess the security of a system, we must therefore look at all the possible threats. The STRIDE model is a useful tool to help us classify threats.
The STRIDE model was developed by Microsoft in order to help security engineers understand and classify all possible threats on a server. The name of this model is an acronym for the six main types of threats:
- Spoofing
- Tampering
- Repudiation
- Information disclosure
- Denial of service
- Escalation of privileges
Spoofing
Most security systems rely on the identification and authentication of users. Spoofing attacks consist of using another user's credentials without their knowledge. Typical spoofing threats target weak authentication mechanisms, for instance those using simple passwords, like a four-digit number, or those using personal information that can be easily found, like date or place of birth.
Tampering
Only authorised users should be able to modify a system or the data it uses. If an attacker is able to tamper with it, this can have consequences for the usage of the system itself, for instance if the attacker can add or remove some functional elements, or for the purpose of the system, for instance if important data is destroyed or modified.
Repudiation
Attackers often want to hide their malicious activity, to avoid being detected and blocked. They might therefore try to repudiate actions they have performed, for instance by erasing them from the logs, or by spoofing the credentials of another user.
Information disclosure
Many systems contain confidential information, and attackers often aim at getting hold of it. There are numerous examples of data breaches in recent years.
Denial of service
A system is usually deployed for a particular purpose, whether it is a banking application or an integrated media management system in a car. In some cases, attackers will have some interest in preventing regular users from accessing the system, for instance as a way to blackmail and extort money from the owner of the system (e.g., with ransomware).
Escalation of privilege
Once a user is identified on a system, they usually have some sort of privileges, i.e., they are authorised to perform some actions, but not necessarily all of them. An attacker might therefore try to acquire additional privileges, for instance by spoofing a user with higher privileges, or by tampering with the system to change their own privileges.
How might you apply this model?
In the next step we’ll explore how you might apply the STRIDE model in the context of the future home.
© Newcastle University