README.md

STRIDE

⚠️ work in progress

Table of Contents

• Overview
• STRIDE
  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Escalation of Privileges
• Starter Template
• Additional Resources

Overview

STRIDE

Spoofing

1. Appropriate authentication
2. Protect secret data
3. Don’t store secrets

Tampering

1. Appropriate authorization
2. Hashes
3. MACs
4. Digital signatures
5. Tamper resistant protocols

Repudiation

1. Digital signatures
2. Timestamps
3. Audit trails

Information Disclosure

1. Authorization
2. Privacy-enhanced protocols
3. Encryption
4. Protect secrets
5. Don’t store secrets

Denial of Service

1. Appropriate authentication
2. Appropriate authorization
3. Filtering
4. Throttling
5. Quality of service

Escalation of Privileges

1. Least Privilege

Starter Template

See THREAT_MODEL.md

Additional Resources

• Demystifying STRIDE
• OWASP Threat Modeling