STRIDE

STRIDE is a six-category threat modeling framework used to identify and mitigate threats by category.

STRIDE provides a structured taxonomy for thinking about threats to software systems. Each category highlights real-world threat patterns and typical mitigations. STRIDE is commonly applied to Data Flow Diagrams or architecture models to reveal how assets such as authentication tokens, data stores, or cryptographic keys can be misused or exposed. Practical use involves mapping the STRIDE categories to controls such as strong authentication (Spoofing), data integrity checks (Tampering), non-repudiation and audit logging (Repudiation), encryption and access controls (Information Disclosure), resource provisioning and rate limiting (Denial of Service), and least privilege/principal isolation (Elevation of Privilege). Limitations include sensitivity to context and the fact that STRIDE does not inherently rank threats by risk without additional context.
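An added example (not part of the original entry): applying the categories to the elements of a small Data Flow Diagram and listing which threats still lack a control. The per-element applicability chart, the `Element` type and the sample DFD are assumptions constructed for illustration; the control families are the ones named in the paragraph above.

```python
from collections import namedtuple

# Control families per STRIDE category, as listed in the paragraph above.
CONTROLS = {
    "S": ("Spoofing", "strong authentication"),
    "T": ("Tampering", "data integrity checks"),
    "R": ("Repudiation", "non-repudiation and audit logging"),
    "I": ("Information Disclosure", "encryption and access controls"),
    "D": ("Denial of Service", "resource provisioning and rate limiting"),
    "E": ("Elevation of Privilege", "least privilege / principal isolation"),
}

# Assumption: the commonly used STRIDE-per-element chart (not stated on this page).
# Repudiation on a data store mainly matters when the store holds logs.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}

# mitigated: set of category letters that already have a control recorded.
Element = namedtuple("Element", "name kind mitigated")

def enumerate_threats(dfd):
    """Return one (element, category, control, status) row per applicable threat."""
    rows = []
    for el in dfd:
        if el.kind not in APPLICABLE:
            raise ValueError(f"unknown DFD element kind: {el.kind!r}")
        for letter in APPLICABLE[el.kind]:
            category, control = CONTROLS[letter]
            status = "mitigated" if letter in el.mitigated else "open"
            rows.append((el.name, category, control, status))
    return rows

def open_threats(dfd):
    """Rows with no recorded control. Unranked: STRIDE itself assigns no risk score."""
    return [row for row in enumerate_threats(dfd) if row[3] == "open"]

# Constructed sample DFD for a hypothetical login service.
SAMPLE_DFD = [
    Element("browser", "external_entity", {"S"}),
    Element("login-api", "process", {"S", "T", "I"}),
    Element("token-store", "data_store", {"I"}),
    Element("browser->login-api", "data_flow", {"T", "I"}),
]

if __name__ == "__main__":
    for name, category, control, _ in open_threats(SAMPLE_DFD):
        print(f"{name:20} {category:24} -> {control}")
```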



❓ Frequently asked questions

What does STRIDE stand for?

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.

How is STRIDE used in threat modeling?

It is applied to architectural diagrams and data flows to identify and mitigate threats by category.

Why is Elevation of Privilege included?

STRIDE is a threat modeling framework introduced by Microsoft to identify, categorize, and mitigate security threats against a system. It stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

How many STRIDE categories are there?

Six categories in the canonical STRIDE model.
