What is the STRIDE threat model?

Praerit Garg and Loren Kohnfelder of Microsoft developed the STRIDE Model to better communicate the various threats facing digital infrastructure. It includes the most significant attack vectors and system vulnerabilities in a framework made for security teams. STRIDE stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.

Since every platform has its own unique structure, strengths, and vulnerabilities, STRIDE isn’t a set of distinct guidelines. Instead, the model is generalized enough to apply to any system and requires adaptation based on your own platform’s needs.

What is threat modeling?

Threat modeling is a proactive process used in software development to anticipate potential security threats, ideally catching them before they become vulnerabilities. It allows teams to think critically about how a system could be attacked and design defenses accordingly. By understanding the system’s structure and workflows, developers can pinpoint where threats might emerge and what kind of harm could result.

STRIDE is a common framework within threat modeling, offering a structured approach by categorizing potential threats. Each letter in STRIDE represents a distinct type of security risk:

Spoofing

Spoofing attacks occur when a malicious agent gains access to a system through its user authentication system by pretending to be someone they are not. This threat vector includes both user accounts and developer accounts, each with its own risks. Spoofing attacks are commonly executed through the use of valid accounts obtained by other attacks, such as phishing or data breaches by other companies.

Tampering

This threat vector refers to attacks that alter infrastructure or databases. This includes dismantling aspects of the platform, deleting or altering stored data, and changing web links so they redirect to phishing sites instead of their original destination.

Repudiation

Repudiation refers to the system's ability (or inability) to trace the origin of threats and a malicious agent’s ability to deny its participation in them. In simpler terms, repudiation concerns how well a system can track who hacked it.

Information Disclosure

Information Disclosure involves the exposure of information to anyone who is not supposed to access it. This most commonly includes theft or ransom of customer data and proprietary software, but it also includes anything else not meant to be publicly and freely available. Information disclosure also involves threats that can read data in transit.

Denial of Service:

Denial of Service refers broadly to attacks that deny the availability of a service to its valid users. Direct Denial of Service (DDoS), is a common Denial of Service attack where systems are overloaded with a flood of requests, denying valid accounts the ability to interact with the service.

Elevation of Privilege

This threat vector occurs when a user elevates the amount of privilege their compromised account has within a platform in order to tamper with or remove security from parts of the system. This often involves lateral moves across different systems to subvert or destroy detection mechanisms and protect the threat actor.

How Doppler helps with the STRIDE threat model

Doppler keeps version histories of secrets, allowing your team to fall back to a previous version if tampering has altered or deleted important secrets. Doppler’s comprehensive audit logs can be used to trace the tampering account so your security team can rotate the credentials and regain security of the system.

The primary defense against lateral movement is limiting permissions according to the principle of least privilege. Doppler’s User Groups employ fine-grained role-based access control (RBAC) to enable your DevOps team to assign, customize, and revoke privileged access to accounts quickly and easily, ensuring each account has the minimum access required to perform its tasks. If an account becomes compromised and a hacker has accessed the system, their lateral movement is limited by the permissions they have access to.

Final Thoughts

The STRIDE Model is an important framework for DevOps teams to analyze their specific platform vulnerabilities. Each threat vector represents a different area of platform security to plan for, though each vector’s risk will differ depending on the platform’s existing infrastructure.

Doppler is a developer-first secrets management tool with a high degree of flexibility. It integrates smoothly with other development tools and environments to help store, disseminate, and protect your secrets without hassle. Features like role-based access control, centralized storage of secrets, automatic rotation, and much more help protect against secrets misuse and minimize damage in the event of a breach. Try a demo to determine if it’s the right solution for your team!