Shaping Software » Blog Archive » STRIDE Explained

STRIDE Explained

30 March 2008

STRIDE is an acronym to help you think about potential software security threats and attacks. It helps you think evil (i.e., like an attacker). I had the privilege of talking to one of the creators of STRIDE, Loren Kohnfelder. He told me that he originally created STRIDE to help people get in the right mind-set when analyzing security features.

STRIDE Categories

Here’s what STRIDE stands for:

  • Spoofing user identity.
  • Tampering with data.
  • Repudiation.
  • Information disclosure.
  • Denial of service.
  • Elevation of privilege.

Using STRIDE

You can use the STRIDE categories to ask questions related to each aspect of the architecture and design of your application. This is a goal-based approach, where you consider the goals of an attacker. For example, could an attacker spoof an identity to access your server or Web application? Could someone tamper with data over the network or in a data store? Is sensitive information disclosed when you report an error message or log an event? Could someone deny service?

Countermeasures

Here are examples of countermeasures, organized by STRIDE category (each threat or attack is followed by its countermeasures):

Spoofing user identity.
  • Use strong authentication.
  • Do not store secrets (for example, passwords) in plaintext.
  • Do not pass credentials in plaintext over the wire.
  • Protect authentication cookies with Secure Sockets Layer (SSL).
Tampering with data.
  • Use data hashing and signing. Use digital signatures.
  • Use strong authorization.
  • Use tamper-resistant protocols across communication links.
  • Secure communication links with protocols that provide message integrity.
Repudiation.
  • Create secure audit trails.
  • Use digital signatures.
Information Disclosure.
  • Use strong authorization.
  • Use strong encryption.
  • Secure communication links with protocols that provide message confidentiality.
  • Do not store secrets (for example, passwords) in plaintext.
Denial of Service.
  • Use resource and bandwidth throttling techniques.
  • Validate and filter input.
Elevation of privilege.
  • Follow the principle of least privilege and use least privileged service accounts to run processes and access resources.
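
One way to implement the "create secure audit trails" and "use data hashing and signing" countermeasures listed above, as an added example that is not from the original post: a hash-chained audit log in which each entry's MAC also covers the previous entry. It assumes a keyed HMAC in place of the digital signatures the list names (an HMAC reveals tampering but, because the key is shared, does not by itself prove who wrote an entry); the function names and sample events are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as the "previous MAC" of the first entry


def _mac(key: bytes, prev: str, event: dict) -> str:
    # Canonical JSON so the same event always serializes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()


def append(log: list, key: bytes, event: dict) -> None:
    """Append an event whose MAC also covers the previous entry's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"event": event, "mac": _mac(key, prev, event)})


def verify(log: list, key: bytes, expected_len=None) -> int:
    """Return the index of the first bad entry, or -1 if the trail is intact.

    Cutting entries off the tail leaves a valid shorter chain, so the entry
    count must be tracked out of band and passed as expected_len to catch it.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if not hmac.compare_digest(entry["mac"], _mac(key, prev, entry["event"])):
            return i
        prev = entry["mac"]
    if expected_len is not None and len(log) != expected_len:
        return len(log)
    return -1


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; keep real keys off the logging host
    trail = []
    for e in ({"user": "alice", "action": "login"},
              {"user": "alice", "action": "transfer", "amount": 100},
              {"user": "alice", "action": "logout"}):
        append(trail, key, e)
    print(verify(trail, key))        # intact trail
    trail[1]["event"]["amount"] = 1  # edit a recorded event after the fact
    print(verify(trail, key))        # the edited entry is reported
```

Editing or deleting an entry breaks every MAC from that point on, so the verifier reports where the trail stops being trustworthy; the key has to live somewhere the logged application cannot read it for this to hold.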
