From the course: Threat Modeling: Tampering in Depth
Tampering as part of STRIDE
From the course: Threat Modeling: Tampering in Depth
Tampering as part of STRIDE
This course is part of a series on threat modeling and the STRIDE threats. STRIDE is a mnemonic for spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. We'll cover how tampering impacts the integrity of communications, storage, processes and even time, at least as computers experience it. You'll also learn about how to ensure the integrity of your systems. Let's make that concrete and look at storage. When you save a file, you expect to get the same file back the next time you open it. Unless it's on Google Docs or Office 365 and you've shared it with a bunch of collaborators, in which case you expect that they're going to tamper with those files. But they're not really tampering are they? You've given them permission. You've authorized those changes and so you might want some tracking of whose made what changes and you might want to view or modify those permissions. Tampering refers to modifications that are not authorized. When you're working with files, and whether it's files, it's a database, it's shared memory, the integrity of storage is fundamentally a matter of authorizations or permissions and violations of those authorizations. Those are enforced by an operating system. One of the fundamental jobs of an operating system is to protect processes from one another. This isolation is to ensure that everyone's processes run the way they intend. We'll cover how to tamper with things you're supposed to leave untouched and how to best protect the things you want to keep in tact.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.