Microsoft developed a threat categorization scheme known as the STRIDE threat model. STRIDE is often used in relation to assessing threats against applications or operating systems.
–Spoofing: An attack with the goal of gaining access to a target system through the use of a falsified identity. Spoofing can be used against Internet Protocol (IP) addresses, MAC addresses, usernames, system names, wireless network service set identifiers (SSIDs), email addresses, and many other types of logical identification.
–Tampering: Any action resulting in unauthorized changes or manipulation of data, whether in transit or in storage.
–Repudiation: The ability of a user or attacker to deny having performed an action or activity.
–Information disclosure:The revelation or distribution of private, confidential, or controlled information to external or unauthorized entities.
–Denial of Service: An attack that attempts to prevent authorized use of a resource.
–Elevation of Privilege: An attack where a limited user account is transformed into an account with greater privileges, powers, and access.
No comments:
Post a Comment