This presentation covers the threat model of a generic SaaS application and its associated cloud stack. The discussion centers on Visio drawings of the SaaS, PaaS, and IaaS layers and the related STRIDE set of threats.

STRIDE is a model of threats developed by Praerit Garg and Loren Kohnfelder at Microsoft for identifying computer security threats. It provides a mnemonic for security threats in six categories.

The threat categories are:

  • Spoofing of user identity 
  • Tampering 
  • Repudiation 
  • Information disclosure (privacy breach or data leak)
  • Denial of service (DoS)
  • Elevation of privilege

Bruce Norquist has been hooked on security, and working in it, since he touched his first B3-level Compartmentalized Mode Workstation in 1994. He retired from the Army National Guard after 24 years as an Information Operations and Combat Engineer officer at NORAD/USNORTHCOM. His first cloud application security assessment was in 2008, and the assessments have never stopped. Among his certifications are the CISSP and CRISC.