Identifying Techniques that Mitigate Threats

  • Article

The following table lists some of the techniques you can use to mitigate the threats in the STRIDE model.

Threat type Mitigation technique
Spoofing identity
  • Authentication
  • Protect secrets
  • Do not store secrets
Tampering with data
  • Authorization
  • Hashes
  • Message authentication codes
  • Digital signatures
  • Tamper-resistant protocols
Repudiation
  • Digital signatures
  • Timestamps
  • Audit trails
Information disclosure
  • Authorization
  • Privacy-enhanced protocols
  • Encryption
  • Protect secrets
  • Do not store secrets
Denial of service
  • Authentication
  • Authorization
  • Filtering
  • Throttling
  • Quality of service
Elevation of privilege
  • Run with least privilege

See Also

Choosing the Appropriate Technologies from the Identified Techniques

Copyright © 2005 Microsoft Corporation.
All rights reserved.