Using Threat Modelling in AWS – STRIDE

Running stride graphic

In the ever-evolving landscape of cloud computing, security remains a top priority for organizations. Threat modeling is a crucial step in identifying and mitigating potential security risks. One popular framework for threat modeling is the STRIDE model, developed by Microsoft. Let’s explore how the STRIDE model can help enhance the security of your AWS environment.

What is the STRIDE Model?

The STRIDE model categorizes threats into six categories, each representing a potential attack vector:

  1. Spoofing: This refers to the act of impersonating a user, system, or service to gain unauthorized access. In an AWS environment, spoofing could occur if an attacker gains access to AWS credentials or keys.
  2. Tampering: Tampering involves modifying data or code without authorization. In AWS, tampering could occur if an attacker intercepts and alters data in transit or modifies data stored in AWS services.
  3. Repudiation: Repudiation refers to the ability to deny that a specific action took place. In AWS, this could include denying that a particular API call was made or that a resource was accessed.
  4. Information Disclosure: This involves the unauthorized disclosure of information. In AWS, information disclosure could occur if sensitive data is exposed through misconfigured permissions or insecure storage.
  5. Denial of Service (DoS): DoS attacks aim to disrupt services and make them unavailable to users. In AWS, DoS attacks could target AWS services or applications running on AWS infrastructure.
  6. Elevation of Privilege: This refers to gaining higher privileges than authorized. In AWS, elevation of privilege could occur if an attacker exploits a vulnerability to gain administrative access.
Stride Model

Applying the Threat Modelling in AWS

To apply the STRIDE model in AWS, start by identifying potential threats in each category based on your AWS environment’s architecture and configuration. For example:

  • Spoofing: Ensure that AWS credentials and keys are stored securely and rotated regularly to prevent unauthorized access.
  • Tampering: Use AWS services such as AWS CloudTrail and AWS Config to monitor and detect unauthorized changes to your resources.
  • Repudiation: Enable AWS CloudTrail logging to track API calls and resource access, providing an audit trail for accountability.
  • Information Disclosure: Implement encryption for data at rest and in transit to protect against unauthorized disclosure.
  • Denial of Service: Use AWS Shield to protect against DDoS attacks and ensure that your application is resilient to traffic spikes.
  • Elevation of Privilege: Apply the principle of least privilege and regularly audit permissions to minimize the risk of unauthorized access.

By applying the STRIDE model in your AWS environment, you can identify and mitigate potential security threats, helping protect your cloud data and applications. As a next step, you can subscribe to the AWS Security Blog, consider joining the Cloud Security Alliance, and have Tech Reformers conduct a Well-Architected Framework Review of your workload.

  • Share This Story

about author

John Krull

jkrull@techreformers.com

John Krull is the Founder and President of Tech Reformers, LLC. Tech Reformers is a cloud service provider focused on K-12 Digital Transformation. Areas of practice include Infrastructure, Cloud Adoption, Managed Services for Cybersecurity, Student Safety, Disaster Recovery, and Content Services. John is a former CIO at Seattle Public Schools and former CTO at Oakland Unified School District. Prior to 15 years leading school system technology, John worked at Microsoft and various startups implementing web and video technologies. John began his long career as a teacher.