THREAT MODELING MENGGUNAKAN PENDEKATAN STRIDE DAN DREAD UNTUK MENGETAHUI RISIKO DAN MITIGASI KEAMANAN PADA SISTEM LAYANAN PENDIDIKAN

Abstract

Information system security is increasingly crucial with the rise of cyber threats. This study identifies and evaluates security risks in education service systems using STRIDE and DREAD-based Threat Modeling. STRIDE identifies threats such as spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege, while DREAD assesses risk based on potential damage, ease of exploitation, affected users, and likelihood of detection. The analysis showed that information disclosure and elevation of privilege were the highest risks, mainly due to the permissive CORS configuration. Testing using Burp Suite revealed high-level vulnerabilities allowing unauthorized access and data leakage. To address this, mitigations in the form of CORS policy validation, HTTP method restrictions, data encryption, and role-based authentication were implemented. Simulation results after mitigation showed a significant reduction in security issues, such as critical issues dropping from 6 to 1. This research confirms STRIDE and DREAD are effective in identifying and evaluating security risks, providing a strong basis for designing mitigation strategies to maintain educational service security.