What are the specific mitigation techniques for each STRIDE threat?
Each STRIDE threat is countered by restoring the security property it breaks: authentication beats spoofing, integrity checks (hashes/MACs/signatures) beat tampering, logging beats repudiation, encryption beats disclosure, throttling/filtering beats DoS, and least privilege beats elevation.
* Each STRIDE threat breaks exactly one security property — the mitigation restores it. *
The trick to remembering this table is that every mitigation re-establishes the exact property the threat violates — so you never memorise it as a lookup, you derive it:
| Threat | Key techniques | Why these counter it |
|---|---|---|
| Spoofing | Cookie auth, Kerberos, PKI/SSL/TLS certificates, digital signatures | Spoofing breaks authentication, so you prove identity. Kerberos is a ticket-based network auth protocol; PKI binds a public key to an identity via a certificate, so the receiver can verify who they're really talking to. |
| Tampering | Hashes, MACs, digital signatures, ACLs, tamper-resistant protocols | Tampering breaks integrity, so you make changes detectable. A hash flags any change; a MAC (Message Authentication Code) is a keyed hash so only someone with the key can forge it; an ACL stops the unauthorised write in the first place. |
| Repudiation | Digital signatures, timestamps, audit trails, secure logging | Repudiation breaks non-repudiation, so you create tamper-evident evidence that an action happened and who did it — a signed, timestamped log the actor can't later deny. |
| Info Disclosure | Authorization, encryption, privacy-enhancing protocols, ACLs | Disclosure breaks confidentiality, so you keep data unreadable to the unauthorised: encryption protects it in transit/at rest, ACLs and authorization gate who may read it at all. |
| DoS | Filtering, throttling, quotas, quality-of-service, ACLs | DoS breaks availability, so you cap how much any one source can consume — throttling/quotas/QoS ration resources, filtering and ACLs drop hostile traffic before it costs you. |
| Elevation of Privilege | Run with least privilege, ACLs, role membership, input validation | EoP breaks authorization, so you shrink what a compromised component can do (least privilege) and close the doors used to escalate — input validation stops the injection/overflow that grants extra rights. |
The golden rule: when in doubt, the best fix is to not store secrets you don't need (it appears under both Spoofing and Info Disclosure) — data you never hold can't be stolen or leaked.
Go deeper:
OWASP Threat Modeling Process — STRIDE controls — each STRIDE category mapped to its control (restore the broken property).