STRIDE Threat Modeling for Cloud Services
Applying STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation) to cloud-native architectures.
STRIDE Threat Modeling for Cloud Services
Process
- Diagram Data flows, trust boundaries, external dependencies
- Enumerate threats STRIDE per component
- Rate Likelihood × impact (DREAD optional)
- Mitigate Map to controls; assign owners
- Validate Pen test or tabletop exercise
STRIDE cheat sheet
| Threat | Example in cloud | Typical control |
|---|---|---|
| Spoofing | Stolen API keys | MFA, short-lived tokens |
| Tampering | MITM on API | TLS, mTLS, signing |
| Repudiation | Denied admin action | CloudTrail, immutable logs |
| Information disclosure | Public S3 bucket | IAM, encryption, SCPs |
| DoS | API flood | WAF, rate limits, autoscale |
| Elevation | IAM privilege escalation | Least privilege, permission boundaries |
Workshop template
Service: [name]
Assets: [data classes]
Trust boundaries: [VPC, account, cluster]
Top 5 threats:
1. ...
Mitigations:
1. ...Output artifacts
- Threat model document linked to architecture RFC
- Jira epics for unresolved high risks
- Re-review on major architecture changes