Threat modeling has become an increasingly popular practice for software development teams as they integrate security into their design lifecycle.
Threat modeling is deliberately customizable: teams pick the processes that work best for them and skip the methods they consider unimportant.
STRIDE, one of the methods that has become a standard component of threat modeling over the years, was recently questioned by my colleagues. They wondered whether STRIDE is still a viable threat modeling method.
What exactly is STRIDE?
For those unfamiliar with STRIDE as a threat classification model, it is an acronym that stands for:
Spoofing – Tampering – Repudiation – Information Disclosure – Denial of Service – Elevation of Privilege
The classification model can be used as part of a threat modeling exercise to help participants answer, “What could go wrong with the feature or application we’re building?” Participants then brainstorm possible threats to the application or feature by describing abuse scenarios that fall into the six STRIDE threat categories.
But is this method still relevant to the team members who build threat models? My personal opinion: “Probably.”
Thinking Carefully About the Six Threat Classifications
I can see the value of using STRIDE for the less experienced members of a threat modeling group. Many software engineers are unaware of the variety of attacks their programs and features may need to defend against.
If these novice threat modelers are asked to produce an inventory of threats, the STRIDE model is an excellent starting point for ensuring that all six categories of threats are considered by the team.
Seeing the Application Clearly Through the Eyes of an Attacker
Inexperienced threat modelers may not be aware of the ways that exposed technical details about an application can be used by attackers to work out which vulnerabilities might exist in the software or feature. By requiring inexperienced threat modelers to learn STRIDE, they begin to view the application from the attacker’s perspective. This is a very useful habit when building applications with security in mind.
Using STRIDE as a Threat Modeling Checklist
I can also see the value of using STRIDE for the more experienced members of the threat modeling team. In this scenario, though, STRIDE serves as a checklist after the team has already drawn up its list of threats. For instance, if the list of threats has been compiled but contains no elevation-of-privilege threats, an experienced group using STRIDE as a checklist will notice that a category is missing and can spend more time determining whether there really are no elevation-of-privilege threats or whether they have overlooked something.
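As an added example (not code from the original post), here is a small Python script that implements the checklist use of STRIDE described above: it takes the elements of a feature’s data-flow diagram and the threats a team has already listed, and reports the STRIDE categories for which no threat has been recorded. It goes beyond the post in one respect: rather than treating STRIDE as a flat list of six categories, it uses the STRIDE-per-element mapping (external entities, processes, data flows and data stores each get the subset of categories that typically applies to them), which is an assumption of this example. The login feature, its elements and its threats are constructed sample input.

```python
from dataclasses import dataclass

# The six STRIDE categories, keyed by their initial.
STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element: which categories usually apply to each kind of
# data-flow-diagram element. This refinement is an assumption added for
# this example; the post itself treats STRIDE as a flat list of six.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TRID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # one of the APPLICABLE keys


@dataclass(frozen=True)
class Threat:
    element: str   # Element.name the threat applies to
    category: str  # one STRIDE initial
    description: str


def validate(elements, threats):
    """Return a list of problems (empty when the inputs are consistent)."""
    problems = []
    names = set()
    for e in elements:
        if e.kind not in APPLICABLE:
            problems.append(f"{e.name}: unknown element kind {e.kind!r}")
        if e.name in names:
            problems.append(f"{e.name}: duplicate element name")
        names.add(e.name)
    for t in threats:
        if t.element not in names:
            problems.append(f"threat {t.description!r}: unknown element {t.element!r}")
        if t.category not in STRIDE:
            problems.append(f"threat {t.description!r}: unknown category {t.category!r}")
    return problems


def coverage_gaps(elements, threats):
    """Map each element name to the applicable STRIDE categories that have
    no recorded threat. Elements with full coverage are omitted."""
    problems = validate(elements, threats)
    if problems:
        raise ValueError("; ".join(problems))
    recorded = {}
    for t in threats:
        recorded.setdefault(t.element, set()).add(t.category)
    gaps = {}
    for e in elements:
        covered = recorded.get(e.name, set())
        missing = [STRIDE[c] for c in APPLICABLE[e.kind] if c not in covered]
        if missing:
            gaps[e.name] = missing
    return gaps


def report(gaps):
    """Render the gaps as text a team can paste into its review notes."""
    if not gaps:
        return "All applicable STRIDE categories have at least one threat recorded."
    lines = ["STRIDE categories with no recorded threat (revisit or justify each):"]
    for name, missing in gaps.items():
        lines.append(f"  {name}: {', '.join(missing)}")
    return "\n".join(lines)


# Constructed sample: a password-login feature and the threats a team
# brainstormed in a first pass (illustrative, not from the original post).
ELEMENTS = [
    Element("Browser", "external_entity"),
    Element("Auth service", "process"),
    Element("Credentials over TLS", "data_flow"),
    Element("Session store", "data_store"),
]

THREATS = [
    Threat("Browser", "S", "Attacker logs in with credentials stolen from the user"),
    Threat("Auth service", "S", "Forged identity header accepted behind the load balancer"),
    Threat("Auth service", "T", "Request parameters altered to change the target account"),
    Threat("Auth service", "I", "Verbose error text reveals whether a username exists"),
    Threat("Auth service", "D", "Unthrottled login attempts exhaust worker threads"),
    Threat("Credentials over TLS", "I", "Downgrade to plaintext exposes the password"),
    Threat("Session store", "T", "Session record edited to point at another user"),
    Threat("Session store", "I", "Session tokens readable by other services"),
]

if __name__ == "__main__":
    print(report(coverage_gaps(ELEMENTS, THREATS)))
```

A reported gap is not automatically a missed threat. As the paragraph above says, it is a prompt for the experienced team to decide whether the category genuinely does not apply (for instance, repudiation may be out of scope for a data store that is not a log) or whether something was overlooked. Recording the justification either way keeps the next review from repeating the discussion.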
Threat modeling was designed to be customizable so that teams can benefit from this useful process no matter how much time or how many resources can be allotted to it. If a threat modeling group is well trained, comfortable with STRIDE, and would rather work with other threat modeling methods they find more effective, that’s fine. However, I believe STRIDE is still a powerful tool for fully understanding, “What threats could this application possibly face in our production environment?”