Quiz Entry - updated: 2026.07.14
What is Elevation of Privilege in STRIDE and what security property does it violate?
Gaining capabilities you weren't granted (e.g. user → admin) — it violates Authorization.
Elevation of Privilege (EoP):
| Aspect | Description |
|---|---|
| Property violated | Authorization |
| Definition | Gain capabilities without proper authorization |
| Examples | User gaining admin rights, escaping a sandbox, remote code execution |
Why it's critical: EoP often leads to complete system compromise. An attacker with elevated privileges can:
- Access all data
- Modify system configuration
- Install persistent backdoors
- Disable security controls
Mitigation:
- Principle of least privilege
- Input validation
- Sandboxing
- Regular patching