
RAHUL SHAH IT-B22-2005104

LAB-3

Aim: To study and perform threat modelling using the STRIDE methodology.


Theory:
Threat Modelling:
At its core, threat modelling is a systematic approach employed during the software
development lifecycle to analyze and pre-emptively address security concerns. It involves
identifying potential threats, evaluating their potential impact, and formulating strategies to
mitigate these threats. By adopting threat modelling, engineers can effectively integrate
security considerations into the design phase of their projects, ensuring that vulnerabilities are
identified and rectified before they can be exploited.

STRIDE Framework:
The STRIDE framework serves as an invaluable tool within the realm of threat modeling. It's
an acronym encompassing six distinct threat categories: Spoofing, Tampering, Repudiation,
Information Disclosure, Denial of Service (DoS), and Elevation of Privilege. Each category
encapsulates a specific type of threat that software systems might encounter. These categories
act as a comprehensive guide, enabling engineers to categorize and analyze potential security
risks systematically.

Understanding the STRIDE Categories:

• Spoofing: This involves an attacker impersonating a legitimate entity. For instance, inadequate authentication mechanisms can expose the system to unauthorized access attempts.

• Tampering: Unauthorized modification of data or code, often due to insufficient data validation, can lead to compromised system integrity.

• Repudiation: Poorly logged user actions can enable users to deny their involvement, posing challenges during incident investigations.

• Information Disclosure: Weak access controls might allow unauthorized users to gain access to sensitive information, leading to data breaches.

• Denial of Service (DoS): Inadequate resource management can make the system vulnerable to flooding attacks, rendering it unavailable to legitimate users.

• Elevation of Privilege: Flaws in authorization can allow unauthorized users to gain access to higher-level functions, potentially compromising the system's security.

SAD LAB

THREAT MODEL FOR ONLINE ECOMMERCE BUSINESS

| STRIDE Category | Threat Definition | Vulnerability example | Countermeasures |
|---|---|---|---|
| 1. Spoofing Identity | Attackers pretend to be someone else, intending to steal data or gain access to encrypted portals. | Attackers could create fake customer accounts or impersonate legitimate customers to make unauthorized purchases. | Implement strong user authentication mechanisms, such as multi-factor authentication (MFA) and CAPTCHA, to prevent unauthorized access. |
| 2. Tampering | Tampering involves the attacker or hacker manipulating, removing, or modifying important data to attack a system or network. In fact, tampering is an attack on the integrity of the information system. | Attackers could intercept and modify payment information during transactions, leading to financial loss. | Use encryption for transmitting sensitive data, implement HTTPS for secure communication, and ensure data integrity through hashing and checksums. |
| 3. Repudiation | A repudiation threat involves a bad actor attacking the system without accepting their involvement in such malicious activity. | Customers could deny making a purchase, leading to disputes and legal issues. | Maintain detailed transaction logs, including user actions and timestamps, to establish accountability and resolve disputes. |
| 4. Information Disclosure | Attackers get unauthorized access to confidential data that can compromise sensitive data. | Customer data, such as personal and payment information, could be exposed due to inadequate security measures. | Implement strict access controls, encrypt sensitive data at rest, and follow privacy regulations (e.g., GDPR) to protect customer information. |
| 5. Denial of Service (DoS) | Denial of Service (DoS) attacks aim to overload and disrupt the normal functioning of a targeted system by overwhelming it with excessive traffic. | Attackers could launch Distributed Denial of Service (DDoS) attacks to make the platform unavailable to legitimate users. | Use DDoS protection services, employ rate limiting, and implement scalable infrastructure to handle sudden spikes in traffic. |
| 6. Elevation of Privilege | Elevation of Privilege occurs when an unprivileged or unauthorized attacker gains access by getting through every defence mechanism against such access. | Malicious users or employees could exploit vulnerabilities to gain administrative access and control over the system. | Apply the principle of least privilege, enforce proper role-based access control, and regularly update and patch software to prevent exploitation. |

Conclusion:
Hence we understood that, in an environment where cyber threats are constantly evolving,
security measures need to be integrated proactively. The combination of threat modeling and
STRIDE allows engineers to identify vulnerabilities, customize security measures, and create
a robust cybersecurity culture within the engineering community.
