Thursday, October 4, 2007

Are Security Model's Bankrupt: Microsoft's Stride Chart

Over on the Microsoft SDL (Security Development Lifecycle) blog, there's a post about a security tool Microsoft uses in their threat modeling process called the "Stride Chart". Why is it that Microsoft's Stride Chart appears to be such a weird derivation of Donn Parker's Hexad? Here are the components Microsoft uses to estimate security threats:
  • Authentication
  • Integrity
  • Non-Repudiation
  • Confidentiality
  • Availability
  • Authorization
And, of course, the Hexad is a derivation from the CIA Triad:

First of all, there is some controversy surrounding Parker's Hexad, roughly because it does appear to just be a more detailed model of its parent, the CIA Triad. But looking at the Stride Chart, I have to wonder why Microsoft has chosen six main "threat categories" (not three: CIA), but not the exact same six as the Hexad: Confidentiality, Integrity, and Availability, buffeted by Possession/Control, Authenticity, and Utility. Why Authorization and Non-Repudiation and not Utility and Possession as well? Isn't Non-Repudiation and Authenticity a hair-splitting, English-has-too-many-synonyms type of oversight?

Are security models bankrupt? Has Microsoft (and others, because this Stride Chart is getting head nods) reduced to adding every last security buzzword to their lists? Can the basic security models we use be simplified any further? And, very importantly, where are the logic proofs that formally establish these principles as the foundation upon which all security solutions should be built?

Or, is the security industry so busy building money-making solutions that fundamentals are ignored?

1 comment:

jmaxxz said...

Excellent post. I was left wondering the same thing after going through the Microsoft Threat Modeling training. Isn't non-repudiation having integrity of logs? S.T.R.I.D.E. Appears to be Microsoft attempting to invent their own standard for no apparent reason.