Research On The Improved STRIDE Threat Model

In recent years, with the extensive application of the Internet, software systems securities of the Internet have become one of the closely concerned issues. The Internet consists of openness, interconnectivity, and other features that could easily expose the software systems which located above to malicious attacks. This could lead to serious consequences such as leakage of confidential data or user's personal privacy et al. Therefore, research on how to evaluate and improve the safety of a software system is necessary.Currently, threat modeling technology is widely applied as a technology for designing secure systems. It analyzes the possible modes of the invaders to attack the system. STRIDE model is a systematic threat modeling method developed by Microsoft Security Engineering and Communications group. The model divides threats faced by the system into spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege to ensure the system has these security properties: authentication, confidentiality, non-repudiation, integrity, availability, and authorization.By analyzing the STRIDE model, its limitation is discovered when the model is applied to identify the security solutions of a system: the classification based on STRIDE model is single-dimensional. It's certain that the system is threatened, however, the location of this kind of threat taking place could not be found. Apparently, in one system, the same kind of threat may occur at multiple locations that correspond to different system security solutions. Therefore, an improved model based on STRIDE model is proposed, i.e. the STRIDE-improved model(abbreviated as i STRIDE). Being a hierarchical model, it takes into account the threats from two dimensions: one dimension contains the six threat categories mentioned above, the other is the location where the threat occurs including core, perimeter, and exterior. Additionally, the validity of the i STRIDE model has been analyzed theoretically. The security of an actual software system is analyzed and evaluated based on the i STRIDE model with results demonstrating that the model has certain reference values.