Threat modeling framework
The threat-modeling framework looks at each element in the data-flow diagram, including each one's interactions. It helps you find potential threats and ways to reduce or eliminate risk.
Threat categories
Microsoft engineers find security design issues using the six major threat categories in the STRIDE framework:
| Category | Description |
|---|---|
| Spoofing | Pretending to be someone or something else |
| Tampering | Changing data without authorization |
| Repudiation | Not claiming responsibility for an action taken |
| Information disclosure | Seeing data without permission |
| Denial of service | Overwhelming the system |
| Elevation of privilege | Having permissions I shouldn't have |
Security control categories
Each threat category is associated with a security control to help you reduce or eliminate risk:
| Category | Security Control | Description |
|---|---|---|
| Spoofing | Authentication | They are who they say they are |
| Tampering | Integrity | Prevents data from being maliciously modified |
| Repudiation | Non-repudiation | Actions are tied to users |
| Information disclosure | Confidentiality | Data is protected against unintended disclosure |
| Denial of service | Availability | System handles all requests appropriately |
| Elevation of privilege | Authorization | User has appropriate permissions to carry out a request |
In the next few units, we look at each threat category.