tmnpy.dsl.requirement.STRIDE.elevation_of_privilege

property STRIDE.elevation_of_privilege: bool

Elevation of Privilege threat. Maps to tmnpy.dsl.requirement.SecurityProperty.authorization()

An unprivileged user gains privileged access and thereby has sufficient access to completely compromise or destroy the entire system. The more dangerous aspect of such threats is compromising the system in undetectable ways whereby the user is able to take advantage of the privileges without the knowledge of system administrators. Elevation of privilege threats include those situations where an attacker is allowed more privilege than should properly be granted, completely compromising the security of the entire system and causing extreme system damage. Here the attacker has effectively penetrated all system defenses and become part of the trusted system itself and can do anything.[1]

Notes

[1] Loren Kohnfelder and Praerit Garg. The threats to our products. Microsoft. April 1999.