STRIDE mapping

This section of the coreLang Language Reference is presenting the categorization of attack steps in coreLang in relation to the STRIDE model.

The following is an excerpt from the wikipedia page on STRIDE.

📘
STRIDE is a model for identifying computer security threats developed by Praerit Garg and Loren Kohnfelder at Microsoft. It provides a mnemonic for security threats in six categories.
The threats are:

Spoofing

Tampering

Repudiation

Information disclosure

Denial of service

Elevation of privilege

In coreLang, each modeling object has a set of related attack steps which are operations that an attacker is expected to try to achieve in order to gain access to the object, or other connected objects, for continued progress within the modeled environment.

Since coreLang is developed with attack operations in mind, some attack steps are not covered by the STRIDE categories and some are related to several STRIDE categories.

Application

coreLang Attack Step Name	STRIDE Category
AccessNetworkAndConnections	n/a (A suitable category would be "establish reachability". The closest STRIDE mapping would be "I", thinking about network enumeration, but this attack step is not about information gathering but rather establishing contact.)
AttemptLocalConnectVulnOnHost	n/a (Prerequisite operation to other operations.)
AttemptNetworkConnectViaResponse	n/a (Prerequisite operation to other operations.)
AttemptReverseReach	n/a (Prerequisite operation to other operations.)
AttemptUseVulnerability	n/a (Prerequisite operation to other operations.)
Authenticate	Spoofing
Deny	Denial of service
FullAccess	Elevation of privilege
LocalConnect	n/a (See AccessNetworkAndConnections.)
Modify	Tampering
NetworkConnect	n/a (See AccessNetworkAndConnections.)
NetworkConnectViaResponse	n/a (See AccessNetworkAndConnections.)
Read	Information disclosure
SpecificAccess	Elevation of privilege (gaining access to a low privileged account is also categorized as elevating privileges since the attacker should have no privileges at all).
SpecificAccessAuthenticate	Spoofing
UnsafeActivityByUser	n/a (See AccessNetworkAndConnections.)

ConnectionRule

coreLang Attack Step Name	STRIDE Category
AccessNetworks	n/a (A suitable category would be "establish reachability". The closest STRIDE mapping would be "I", thinking about network enumeration, but this attack step is not about information gathering but rather establishing contact.)
DenialOfService	Denial of service

Credentials

coreLang Attack Step Name	STRIDE Category
AttemptAccess	n/a (Prerequisite operation to other operations.)
AttemptUse	n/a (Prerequisite operation to other operations.)
CredentialTheft	Information disclosure
CredentialsReuse	- Spoofing (if the credentials are modeled as authentication credentials) - Repudiation (if the credentials are modeled as signing credentials)
Delete	Denial of service
Deny	Denial of service
GuessCredentials	Information disclosure
Read	Information disclosure
Use	- Spoofing (if the credentials are modeled as authentication credentials) - Repudiation (if the credentials are modeled as signing credentials)
UseLeakedCredentials	- Spoofing (if the credentials are modeled as authentication credentials) - Repudiation (if the credentials are modeled as signing credentials)
Write	Tampering

Data

coreLang Attack Step Name	STRIDE Mapping
Access	n/a (Prerequisite operation to other operations.)
ApplicationRespondConnect	Spoofing
AttemptAccess	n/a (Prerequisite operation to other operations.)
AttemptAccessFromIdentity	n/a (Prerequisite operation to other operations.)
CompromiseAppOrigin	Tampering (and Repudiation if SigningCredentials are present but also compromised)
Delete	Denial of service
Deny	Denial of service
Eavesdrop	Information disclosure
Extract	Information disclosure
MainInTheMiddle	Tampering
Read	Information disclosure
ReadContainedInformation	Information disclosure
Write	Tampering

Group

coreLang Attack Step Name	STRIDE Mapping
CompromiseGroup	Spoofing

Identity

coreLang Attack Step Name	STRIDE Mapping
Assume	Spoofing
AttemptAssume	n/a (Prerequisite operation to other operations.)

Information

coreLang Attack Step Name	STRIDE Mapping
AttemptAccess	n/a (Prerequisite operation to other operations.)
Delete	Denial of service
Deny	Denial of service
Read	Information disclosure
Write	Tampering

Network

coreLang Attack Step Name	STRIDE Mapping
Access	n/a (Prerequisite operation to other operations.)
AccessNetworkData	n/a (Prerequisite to Eavesdrop.)
BypassAccessControl	n/a (Prerequisite to Access.)
BypassEavesdropProtection	n/a (Prerequisite to Eavesdrop.)
BypassMitMProtection	n/a (Prerequisite to MainInTheMiddle.)
DenialOfService	Denial of service
Eavesdrop	Information disclosure
MainInTheMiddle	Spoofing, Tampering, Repudiation
NetworkForwarding	Tampering
PhysicalAccess	n/a (Prerequisite operation to other operations.)

PhysicalZone

coreLang Attack Step Name	STRIDE Mapping
GainPhysicalAccess	n/a (Prerequisite to attack steps in the System object.)

RoutingFirewall

coreLang Attack Step Name	STRIDE Mapping
AccessNetworkAndConnections	n/a (A suitable category would be "establish reachability". The closest STRIDE mapping would be "I", thinking about network enumeration, but this attack step is not about information gathering but rather establishing contact.)
AttemptLocalConnectVulnOnHost	n/a (Prerequisite operation to other operations.)
AttemptNetworkConnectViaResponse	n/a (Prerequisite operation to other operations.)
AttemptReverseReach	n/a (Prerequisite operation to other operations.)
AttemptUseVulnerability	n/a (Prerequisite operation to other operations.)
Authenticate	Spoofing
DenialOfService	Denial of service
Deny	Denial of service
FullAccess	Elevation of privilege
LocalConnect	n/a (Prerequisite operation to other operations.)
Modify	Tampering
NetworkConnect	n/a (Prerequisite operation to other operations.)
NetworkConnectViaResponse	n/a (Prerequisite operation to other operations.)
Read	Information disclosure
SpecificAccess	Elevation of privilege (gaining access to a low privileged account is also categorized as elevating privileges since the attacker should have no privileges at all).
SpecificAccessAuthenticate	Spoofing
UnsafeActivityByUser	n/a (Prerequisite operation to other operations.)

SoftwareProduct

coreLang Attack Step Name	STRIDE Mapping
CompromiseApplication	Repudiation, Tampering
DenyApplication	Denial of service
ModifyApplication	Tampering
ReadApplication	Information disclosure

SoftwareVulnerability

Abusing or succeeding with an attack operation on a vulnerability is not considered important in the STRIDE context. Instead, these operations have an effect on the connected Application. The actual effect of them is therefore considered (and classified) within the connected Application object.

coreLang Attack Step Name	STRIDE Mapping
Abuse	n/a (Affecting Application.)
Deny	n/a (Affecting Application.)
Exploit	n/a (Prerequisite to Abuse.)
ExploitTrivially	n/a (Alternative prerequisite to Exploit.)
ExploitWithEffort	n/a (Alternative prerequisite to Exploit.)
Impact	n/a (Affecting Application.)
Modify	n/a (Affecting Application.)
Read	n/a (Affecting Application.)

User

coreLang Attack Step Name	STRIDE Mapping
AttemptDeliverMaliciousRemovableMedia	n/a (Prerequisite operation to other operations.)
AttemptSocialEngineering	n/a (Prerequisite operation to other operations.)
CredentialTheft	Information disclosure (Spoofing happens on the Identity object when using the stolen credentials.)
DeliverMaliciousRemovableMedia	n/a (Prerequisite operation to other operations.)
PasswordReuseCompromise	Information disclosure (As in the attacker finding more identities also matching the previously stolen credentials.)
PhishUser	n/a (Prerequisite operation to other operations.)
UnsafeUserActivity	Spoofing and elevation of privilege (Since the attacker succeeds with making the user execute code on behalf of the attacker, i.e. impersonating the user.)