nThe STRIDE Threat Model – categories cont.:
nInformation disclosure – exposure of information
to individuals who are not supposed to have access to it
Example:
A user’s ability
to read a file that she was not granted
access to and an intruder’s ability to read data in transit between two computers.
nDenial of service
nElevation of privilege
Example: Obtaining root account