GPT-4o
⚙️ Technical
Advanced
Create STRIDE Threat Model
Build a comprehensive STRIDE threat model for a system or application, identifying threats, mitigations, and risk ratings.
The Prompt
# Create STRIDE Threat Model

You are a security architect and threat modeling specialist. Your task is to create a rigorous STRIDE threat model for the described system, following industry best practices.

## Input Details

- **System or application name:** [SYSTEM_NAME]
- **System description:** [DESCRIBE_SYSTEM_FUNCTIONALITY]
- **Technology stack:** [TECH_STACK]
- **Trust boundaries:** [DESCRIBE_TRUST_BOUNDARIES]
- **Data flows:** [DESCRIBE_KEY_DATA_FLOWS]
- **Deployment environment:** [CLOUD / ON-PREM / HYBRID / MOBILE]
- **Compliance requirements:** [APPLICABLE_STANDARDS]

## Instructions

Apply the STRIDE methodology across all system components and trust boundaries:

1. **Data Flow Diagram (DFD) Description** — describe the system as a DFD: processes, data stores, external entities, and data flows
2. **STRIDE Analysis Table** — for each component and data flow, identify threats across:
   - **S**poofing — authentication bypass, identity impersonation
   - **T**ampering — data integrity violations, unauthorized modification
   - **R**epudiation — audit log gaps, denial of actions
   - **I**nformation Disclosure — data leakage, exposure
   - **D**enial of Service — availability attacks, resource exhaustion
   - **E**levation of Privilege — authorization bypass, privilege escalation
3. **Risk Rating** — rate each identified threat: likelihood (1–3) × impact (1–3) = risk score
4. **Mitigations** — recommend specific controls for each threat (OWASP, NIST, cloud-native controls)
5. **Residual Risk Summary** — threats remaining after mitigations and their accepted risk level

## Output Format

STRIDE analysis table (component | threat category | threat description | risk score | mitigation), followed by a residual risk summary and top 3 priority mitigations.
📝 Fill in the blanks
Replace these placeholders with your own content:
[SYSTEM_NAME]
[DESCRIBE_SYSTEM_FUNCTIONALITY]
[TECH_STACK]
[DESCRIBE_TRUST_BOUNDARIES]
[DESCRIBE_KEY_DATA_FLOWS]
[CLOUD / ON-PREM / HYBRID / MOBILE]
[APPLICABLE_STANDARDS]
How to use this prompt
1. Copy the prompt
   Click "Copy Prompt" above to copy the full prompt text to your clipboard.
2. Replace the placeholders
   Swap out anything in [BRACKETS] with your specific details.
3. Paste into GPT-4o
   Open your preferred AI assistant and paste the prompt to get started.
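
The prompt fixes a five-column output table and a likelihood × impact score, so a reply can be checked mechanically before it goes into a review. The following is an added example, not part of the original prompt page: it validates such a table and selects the top three rows by score. The sample reply and the names `parse_rows`, `validate` and `top_priorities` are constructed for illustration, and it assumes the model returns a Markdown pipe table using the full STRIDE category names.

```python
STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege")
# likelihood (1-3) x impact (1-3): only these products can occur (never 5, 7, 8)
VALID_SCORES = {l * i for l in (1, 2, 3) for i in (1, 2, 3)}

# Constructed sample reply, not output from a real model run.
SAMPLE = """\
| Component | Threat category | Threat description | Risk score | Mitigation |
|---|---|---|---|---|
| API gateway | Spoofing | Forged session token accepted | 9 | Verify token signature and expiry |
| API gateway | Denial of Service | Unthrottled login endpoint | 6 | Per-client rate limiting |
| Orders DB | Tampering | Writes bypass the service layer | 7 | Restrict database role grants |
| Orders DB | Info Disclosure | Backups stored unencrypted | 4 | Encrypt backups at rest |
| Audit log | Repudiation | Admin actions not logged | 6 | |
"""

def parse_rows(text):
    """Return data rows as lists of cells, skipping header and separator rows."""
    rows = []
    for line in map(str.strip, text.splitlines()):
        if not line.startswith("|"):
            continue
        body = line[1:-1] if line.endswith("|") else line[1:]
        cells = [c.strip() for c in body.split("|")]
        if cells[0].lower() == "component" or all(set(c) <= set(":-") for c in cells):
            continue
        rows.append(cells)
    return rows

def validate(text):
    """Return (well-formed rows, [(row number, problem), ...])."""
    rows, problems = [], []
    for n, cells in enumerate(parse_rows(text), 1):
        if len(cells) != 5:
            problems.append((n, "expected 5 columns"))
            continue
        _, category, _, score, mitigation = cells
        if category not in STRIDE:
            problems.append((n, f"unknown category {category!r}"))
        if not score.isdecimal() or int(score) not in VALID_SCORES:
            problems.append((n, f"score {score!r} is not likelihood x impact"))
        if not mitigation:
            problems.append((n, "no mitigation"))
        rows.append(cells)
    return rows, problems

def top_priorities(rows, k=3):
    ok = [r for r in rows if r[3].isdecimal() and int(r[3]) in VALID_SCORES]
    return sorted(ok, key=lambda r: -int(r[3]))[:k]
```

Rows flagged by `validate` are the ones to send back to the model or correct by hand before the table is used to rank mitigations.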