STRIDE Model.

STRIDE is a threat-modeling framework developed at Microsoft in the late 1990s by Loren Kohnfelder and Praerit Garg, and embedded in the Microsoft Security Development Lifecycle (SDL). It guides analysts to enumerate threats by mapping system components in a data flow diagram (DFD) to six categories: Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. Each category corresponds to a violated security property (authentication, integrity, non-repudiation, confidentiality, availability, authorization). STRIDE is widely used in secure-by-design programs, regulatory threat-modeling expectations (e.g., FDA premarket cybersecurity, automotive UN R155, ISO/SAE 21434) and AppSec processes, often combined with DREAD or attack trees.