{"id":1912,"date":"2007-09-11T19:18:00","date_gmt":"2007-09-12T02:18:00","guid":{"rendered":"http:\/\/marcbook.local\/wds\/playground\/cybertrust\/2007\/09\/11\/stride-chart\/"},"modified":"2023-08-07T16:19:36","modified_gmt":"2023-08-07T23:19:36","slug":"stride-chart","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/","title":{"rendered":"STRIDE chart"},"content":{"rendered":"

Adam Shostack here.<\/span><\/p>\n

I’ve been meaning to talk more about what I actually do, which is help the teams within Microsoft who are threat modeling (for our boxed software) to do their jobs better.\u00a0 Better means faster, cheaper or more effectively.\u00a0 There are good reasons to optimize for different points on that spectrum (of better\/faster\/cheaper) at different times in different products.\u00a0\u00a0 One of the things that I’ve learned is that we ask a lot of developers, testers, and PMs here.\u00a0 They all have some exposure to security, but terms that I’ve been using for years are often new to them.<\/span><\/span><\/span><\/span><\/p>\n

Larry Osterman is a longtime MS veteran, currently working in Windows audio.\u00a0 He’s been a threat modeling advocate for years, and has been blogging a lot about our new processes, and describes in great detail the STRIDE per element process.\u00a0\u00a0<\/span><\/span><\/span><\/span><\/span><\/p>\n

I wanted to chime in and offer up this handy chart that we use.\u00a0 It’s part of how we teach people to go from a diagram to a set of threats.\u00a0 We used to ask them to brainstorm, and have discovered that that works a lot better with some structure.<\/span><\/span><\/span><\/span><\/span><\/p>\n\n\n\n\n\n\n\n\n\n
\n

Property <\/span><\/p>\n<\/td>\n

\n

Threat <\/span><\/p>\n<\/td>\n

\n

Definition <\/span><\/p>\n<\/td>\n

\n

Example <\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Authentication<\/span><\/p>\n<\/td>\n

\n

S<\/b>poofing<\/span><\/span><\/p>\n<\/td>\n

\n

Impersonating something or someone else. <\/span><\/span><\/p>\n<\/td>\n

\n

Pretending to be any of billg, microsoft.com or ntdll.dll <\/span><\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Integrity<\/span><\/p>\n<\/td>\n

\n

T<\/b>ampering<\/span><\/span><\/p>\n<\/td>\n

\n

Modifying data or code<\/span><\/p>\n<\/td>\n

\n

Modifying a DLL on disk or DVD, or a packet as it traverses the LAN.<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Non-repudiation<\/span><\/p>\n<\/td>\n

\n

R<\/b>epudiation<\/span><\/span><\/p>\n<\/td>\n

\n

Claiming to have not performed an action.<\/span><\/p>\n<\/td>\n

\n

\u201cI didn\u2019t send that email,\u201d \u201cI didn\u2019t modify that file,\u201d \u201cI certainly<\/i> didn\u2019t visit that web site, dear!\u201d<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Confidentiality<\/span><\/p>\n<\/td>\n

\n

I<\/b>nformation Disclosure<\/span><\/span><\/p>\n<\/td>\n

\n

Exposing information to someone not authorized to see it<\/span><\/p>\n<\/td>\n

\n

Allowing someone to read the Windows source code; publishing a list of customers to a web site.<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Availability<\/span><\/p>\n<\/td>\n

\n

D<\/b>enial of Service<\/span><\/span><\/p>\n<\/td>\n

\n

Deny or degrade service to users<\/span><\/p>\n<\/td>\n

\n

Crashing Windows or a web site, sending a packet and absorbing seconds of CPU time, or routing packets into a black hole.<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Authorization<\/span><\/p>\n<\/td>\n

\n

E<\/b>levation of Privilege<\/span><\/span><\/p>\n<\/td>\n

\n

Gain capabilities without proper authorization<\/span><\/p>\n<\/td>\n

\n

Allowing a remote internet user to run commands is the classic example, but going from a limited user to admin is also EoP.<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u00a0<\/span><\/span><\/span><\/span><\/span><\/p>\n

<\/div>\n","protected":false},"excerpt":{"rendered":"

There are good reasons to optimize for different points on that spectrum (of better\/faster\/cheaper) at different times in different products.<\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3683],"products":[],"threat-intelligence":[],"tags":[3898,3822],"coauthors":[1973],"class_list":["post-1912","post","type-post","status-publish","format-standard","hentry","content-type-news","topic-security-management","tag-elevation-of-privilege","tag-microsoft-security-insights"],"yoast_head":"\nSTRIDE chart | Microsoft Security Blog<\/title>\n<meta name=\"description\" content=\"There are good reasons to optimize for different points on that spectrum (of better\/faster\/cheaper) at different times in different products.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"STRIDE chart | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"There are good reasons to optimize for different points on that spectrum (of better\/faster\/cheaper) at different times in different products.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2007-09-12T02:18:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-07T23:19:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-microsoft_logo_element.png\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Microsoft Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Microsoft Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mssecurity\/\",\"@type\":\"Person\",\"@name\":\"Microsoft Security\"}],\"headline\":\"STRIDE chart\",\"datePublished\":\"2007-09-12T02:18:00+00:00\",\"dateModified\":\"2023-08-07T23:19:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/\"},\"wordCount\":365,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"keywords\":[\"Elevation of privilege\",\"Microsoft Security Insights\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/\",\"name\":\"STRIDE chart | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"datePublished\":\"2007-09-12T02:18:00+00:00\",\"dateModified\":\"2023-08-07T23:19:36+00:00\",\"description\":\"There are good reasons to optimize for different points on that spectrum (of better\/faster\/cheaper) at different times in different products.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"STRIDE chart\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"STRIDE chart | Microsoft Security Blog","description":"There are good reasons to optimize for different points on that spectrum (of better\/faster\/cheaper) at different times in different products.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/","og_locale":"en_US","og_type":"article","og_title":"STRIDE chart | Microsoft Security Blog","og_description":"There are good reasons to optimize for different points on that spectrum (of better\/faster\/cheaper) at different times in different products.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/","og_site_name":"Microsoft Security Blog","article_published_time":"2007-09-12T02:18:00+00:00","article_modified_time":"2023-08-07T23:19:36+00:00","og_image":[{"width":512,"height":512,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-microsoft_logo_element.png","type":"image\/png"}],"author":"Microsoft Security","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Microsoft Security","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mssecurity\/","@type":"Person","@name":"Microsoft Security"}],"headline":"STRIDE chart","datePublished":"2007-09-12T02:18:00+00:00","dateModified":"2023-08-07T23:19:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/"},"wordCount":365,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"keywords":["Elevation of privilege","Microsoft Security Insights"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/","name":"STRIDE chart | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"datePublished":"2007-09-12T02:18:00+00:00","dateModified":"2023-08-07T23:19:36+00:00","description":"There are good reasons to optimize for different points on that spectrum (of better\/faster\/cheaper) at different times in different products.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2007\/09\/11\/stride-chart\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"STRIDE chart"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/1912"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=1912"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/1912\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=1912"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=1912"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=1912"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=1912"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=1912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=1912"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=1912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}