Skip to main content

STRIDE Threat Modeling for Cloud Services

Applying STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation) to cloud-native architectures.


STRIDE Threat Modeling for Cloud Services

Process

  1. Diagram Data flows, trust boundaries, external dependencies
  2. Enumerate threats STRIDE per component
  3. Rate Likelihood × impact (DREAD optional)
  4. Mitigate Map to controls; assign owners
  5. Validate Pen test or tabletop exercise

STRIDE cheat sheet

ThreatExample in cloudTypical control
SpoofingStolen API keysMFA, short-lived tokens
TamperingMITM on APITLS, mTLS, signing
RepudiationDenied admin actionCloudTrail, immutable logs
Information disclosurePublic S3 bucketIAM, encryption, SCPs
DoSAPI floodWAF, rate limits, autoscale
ElevationIAM privilege escalationLeast privilege, permission boundaries

Workshop template

Service: [name] Assets: [data classes] Trust boundaries: [VPC, account, cluster] Top 5 threats: 1. ... Mitigations: 1. ...

Output artifacts

  • Threat model document linked to architecture RFC
  • Jira epics for unresolved high risks
  • Re-review on major architecture changes