Table 4.
STRIDE Threats Mapping in both Use Cases.
| STRIDE | Descriptions | AV Assets | SH Assets | CIA |
|---|---|---|---|---|
| Spoofing | An adversary can exploit the authentication by performing malicious actions | AV1, AV2, AV3, AV4, AV5, AV6, AV7, AV8, AV9, AV10, AV11, AV13 | SH1, SH2, SH3, SH4, SH5, SH6, SH7, SH8, SH9, SH10 | Authentication |
| Tampering | An adversary can steal the stored data and change it accordingly | AV2, AV3, AV7, AV8, AV12, AV14 | SH1, SH2, SH3, SH4, SH5, SH9, SH11, SH12, SH13 | Integrity |
| Repudiation | An adversary can gain privileged access | AV11, AV16, AV17, AV18 | SH1, SH2, SH3, SH4, SH5, SH6, SH9, SH14, | Non-repudiation |
| Information Disclosure | An adversary can disclose the sensitive information by taking control over the communication medium | AV1, AV2, AV3, AV7, AV8, AV9, AV10, AV11, AV12, AV13, AV14, AV15, AV16 | SH1, SH2, SH3, SH4, SH5, SH6, SH7, SH8, SH9, SH14 | Confidentiality |
| Denial of Service | An adversary can deny the authorized users access | AV1, AV2, AV3, AV7, AV8, AV9, AV10, AV11, AV12, AV13, AV14, AV15, AV16 | SH1, SH2, SH3, SH4, SH5, SH6, SH7, SH8, SH9, SH10, SH11, SH12, SH14 | Availability |
| Elevation of Privilege | An adversary can avail the privileged resources | AV1, AV2, AV3, AV7, AV8, AV9, AV10, AV11, AV12, AV14, AV15, AV16, AV18 | SH1, SH2, SH3, SH5, SH6, SH7, SH8, SH9, SH10, SH11, SH12, SH14 | Authorization |