STRIDE

⚠️ work in progress

Table of Contents

Overview

STRIDE

Spoofing

  1. Appropriate authentication
  2. Protect secret data
  3. Don’t store secrets

Tampering

  1. Appropriate authorization
  2. Hashes
  3. MACs
  4. Digital signatures
  5. Tamper-resistant protocols

Repudiation

  1. Digital signatures
  2. Timestamps
  3. Audit trails

Information Disclosure

  1. Authorization
  2. Privacy-enhanced protocols
  3. Encryption
  4. Protect secrets
  5. Don’t store secrets

Denial of Service

  1. Appropriate authentication
  2. Appropriate authorization
  3. Filtering
  4. Throttling
  5. Quality of service

Escalation of Privileges

  1. Least privilege

Starter Template

See THREAT_MODEL.md

Additional Resources