Threat Modeling Flashcards
1
Q
Describe the STRIDE model
A
- Spoofing
- Tampering
- Repudiation
- Information disclosure
- Denial of service
- Escalation of privilege
2
Q
Describe spoofing in terms of STRIDE and give an example
A
- using another user's credentials without their knowledge
- simple passwords are vulnerable
- e.g. date of birth / 4-digit passwords
3
Q
Describe tampering in terms of STRIDE and give an example
A
- only authorised users should be able to modify a system
- example: attacker adding or removing functional elements
4
Q
Describe repudiation in terms of STRIDE and give an example
A
- attackers want to hide their actions
- example: deleting logs, or spoofing another user's credentials
5
Q
Describe Information disclosure in terms of STRIDE and give an example
A
- keeping confidential information secure
- example: error messages leaking information
6
Q
Describe Denial of service in terms of STRIDE and give an example
A
- attackers may want to prevent users from accessing a system
- blackmailing / extorting owners of the system
7
Q
Describe Escalation of privilege in terms of STRIDE and give an example
A
- the tampering of a system to acquire additional privileges
- example: spoofing a user or tampering