Review Article STRIDE

 


Question format:

What does the “S” stand for in STRIDE?
a. Secure
*b. Spoofing
c. Sanitizing
d. Serial

 So, to summarize, you have (5) actions to complete (2 posts, 3 comments).  

Research Paper on STRIDE


Presented By

Kranthi Sekhar Reddy Kolli

(002832361)

University of Cumberlands

Threat Modeling:

According to Adam Shostack (2017), threat modeling is about building models and using those models to help you think about what’s going to go wrong. There are models implicit in most things. For example, in threat intelligence, you often receive IP addresses, email addresses, and similar “indicators.” Implicit is that you’ll plug those IPs into your firewall or IDS, or block or detect those emails at your mail server. There are also important details rarely discussed: Is your firewall from Palo Alto or Fortinet? Each has a different user interface, but each has a way to block an IP address.

Threat modeling is essential to becoming proactive and strategic in your operational and application security. Modern threat modeling is agile and integrative, building collaboration between security and other teams. That’s security and development, security and operations, security and all sorts of others. Threat modeling is also essential in moving away from “gut feel” to a disciplined approach to problems (2017).

STRIDE:

STRIDE is a systematic approach to identifying our application’s assets and the most likely threats to them. What assets are we talking about exactly? This would be anything that is stored in a database, CPU power, and files located in a file system. Once you have taken the time to assess your assets, you can then begin to assess the real threats that matter most to your organization (Shostack, 2017).

The name STRIDE [Hernan 2006] is an acronym based on the initials of the six threat categories: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. These categories are not mutually exclusive, and complex attacks may involve a combination of them. However, they provide a useful set that non-security experts can use to reason about security threats.

Spoofing:

Spoofing is an attack in which people (or programs) represent themselves as something other than what they truly are, with the intent of gaining authorized access to resources for which they should be unauthorized. A successful spoofing attack is one that allows an attacker to foil or avoid authentication.

Conditions under Which Spoofing Might Occur:

Spoofing can occur when the source or destination of a message is not properly trusted (e.g., via authentication), but the requested action in the message is still performed. Spoofing can be successful if the attacking component can steal another component’s identity to appear authentic or if other components do not demand proof of authentication.

Spoofing Risks:

When considering spoofing attacks, we must think about these general design weaknesses that would allow spoofing to occur:

· There is no authentication, or the authentication mechanism has been broken or bypassed.

· An external (third-party) component is mistakenly trusted as authenticated.

Spoofing attacks violate the Authentication Property.

Tampering:

The objective of tampering is to perform unauthorized modifications to data or services. In a tampering attack, an attacker makes a modification to change the system’s runtime behavior through unauthorized access to the data or service.

Conditions under Which Tampering Might Occur:

Tampering could occur if the infotainment system contains data stores, as it almost certainly will. If the data’s encryption is strong, the attacking component can attempt to simply corrupt the data, rendering the system unusable or less usable. If the encryption is weak (or non-existent), the attacking component can modify the data, perhaps without being detected. This risk can also affect data in motion, if it is not adequately encrypted.

Tampering Risks:

When considering tampering attacks, we must think about these risks:

· If tampering is not detected, any assumptions about system behavior are invalidated.

· Trust boundaries will affect how components are grouped and hence where encryption will and will not be applied.

· Trust boundaries will affect when and where an actor is authenticated or re-authenticated.

Tampering attacks violate the Integrity Property.

Repudiation:

Repudiation can occur when a system does not properly track and log the actions or changes of users (or other system actors). In such a case, malicious users may be able to forge an identity so that their actions (attacks) will be difficult to trace and might go undetected for an extended period of time.

Conditions Under Which Repudiation Might Occur:

Repudiation could occur if an attacking component changes data (e.g., state information, driver information) without the possibility of that change being traced back to that component. Such changes will be difficult to detect and prevent if, for example, the components store data without using a data hash.

Repudiation Risks:

When considering repudiation attacks, we must think about these risks:

· If no logging is being done, repudiation cannot be ensured.

· If authentication is inadequate, logging is meaningless.

Repudiation attacks violate the Non-Repudiation property.

Information Disclosure:

Information disclosure enables an attacker to gain (potentially sensitive) information about a system, possibly leading to a data leak, a privacy breach, or the disclosure of information that could be used to launch additional attacks.

Conditions Under Which Information Disclosure Might Occur:

If an attacker can read a process’s state, capture information in transit, or break into a system’s database, sensitive information might be disclosed. For example, if the system uses the broadcast of messages or publish/subscribe features, an attacking component might be able to use this design weakness to steal information in transit. Similarly, if an attacking component can spoof a recipient’s identity, it could collect (and steal) poorly protected information intended for the legitimate recipient.

Information Disclosure Risks:

When considering attacks that could lead to information disclosure, we must think about these risks:

· Disclosure of operational information can lead to other security or availability problems.

· Disclosure of customer or user information can lead to a loss of reputation, as well as increased likelihood of other kinds of attacks.

Information disclosure attacks violate the Confidentiality property.

Denial of Service:

A denial of service (DoS) attack is an attempt to make a computational or network resource unavailable to its intended (legitimate) users. This attack is typically accomplished by flooding the system with useless traffic or service requests.

Conditions Under Which Denial of Service Might Occur:

Denial of Service attacks, which are perhaps the most critical security risk for an automotive system, can affect safety-critical performance and availability properties. An attacking component, which may or may not be authorized in the system, could attempt to saturate the available system channels with communication requests.

Denial of Service Risks:

A successful Denial of Service attack can affect the system’s safety-critical properties.

Denial of Service attacks violate the Availability property.

Elevation of Privilege (EoP):

An Elevation of Privilege attack occurs when an attacker obtains authorization permissions beyond those initially granted, typically by exploiting a weakness—a programming error or design flaw—in the system. As a result of this exploit, the attacker can perform unauthorized actions.

Conditions Under Which Elevation of Privilege Might Occur:

Elevation of Privilege involves an attacking component gaining access to data or resources beyond what its permissions allow (in terms of its group membership and data access rights [read/write/execute]). This unauthorized access can occur due to “stealing” the identity of another component (via spoofing or information disclosure) or due to a jailbreak-type attack.

Elevation of Privilege Risks:

Elevation invalidates all the other security properties and mechanisms built into the system.

Elevation of Privilege attacks violate the Authorization property.
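
The six categories and their "conditions under which" descriptions can be applied to a system model one component at a time. The Python sketch below is an added example, not part of the original paper; the `Component` fields, the `limits_requests` control and the two sample components are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Security property each STRIDE category violates, as listed in the paper.
PROPERTY = {
    "Spoofing": "Authentication", "Tampering": "Integrity",
    "Repudiation": "Non-Repudiation", "Information disclosure": "Confidentiality",
    "Denial of service": "Availability", "Elevation of privilege": "Authorization",
}

@dataclass
class Component:
    """One element of a system model. All field names are hypothetical."""
    name: str
    authenticates_peers: bool  # demands proof of identity before acting
    encryption: str            # "strong", "weak" or "none"
    logs_actions: bool         # actions of users/actors are tracked
    uses_broadcast: bool       # broadcast or publish/subscribe messaging
    limits_requests: bool      # assumed control against channel saturation

def stride_threats(c):
    """Map the paper's 'conditions under which' text to {category: reason}."""
    t = {}
    if not c.authenticates_peers:
        t["Spoofing"] = "acts on messages without proof of authentication"
    if c.encryption != "strong":
        t["Tampering"] = "weak or missing encryption allows undetected changes"
    if not c.logs_actions:
        t["Repudiation"] = "no logging, so changes cannot be traced"
    elif "Spoofing" in t:
        t["Repudiation"] = "logging is meaningless without authentication"
    if c.uses_broadcast or ("Spoofing" in t and c.encryption != "strong"):
        t["Information disclosure"] = "data in transit reachable by others"
    if not c.limits_requests:
        t["Denial of service"] = "channels can be saturated with requests"
    # EoP can follow from a stolen identity (spoofing or disclosure).
    if "Spoofing" in t or "Information disclosure" in t:
        t["Elevation of privilege"] = "identity of another component can be stolen"
    return t

def violated_properties(c):
    """Sorted list of security properties at risk for this component."""
    return sorted(PROPERTY[cat] for cat in stride_threats(c))

# Constructed sample components, not taken from the paper.
GATEWAY = Component("telemetry gateway", False, "none", True, True, False)
STORE = Component("settings store", True, "strong", True, False, True)

if __name__ == "__main__":
    for comp in (GATEWAY, STORE):
        print(comp.name)
        for cat, why in stride_threats(comp).items():
            print(f"  {cat} -> violates {PROPERTY[cat]}: {why}")
```

The gateway is flagged in all six categories even though it logs actions, because without authentication the log cannot tie an action to an actor. The sketch does not model the corruption risk that the paper notes remains when encryption is strong.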

Reference:

https://misti.com/infosec-insider/threat-modeling-what-why-and-how (2017)

https://resources.sei.cmu.edu/asset_files/TechnicalReport/2015_005_001_449522 (2016)
