Ben's organization is using STRIDE to assess software. Which control is appropriate for addressing an elevation of privilege threat?

Test your knowledge and grow your confidence for the CISSP Domain 6 Security Assessment and Testing Exam with our insightful quiz. Explore multiple-choice questions, hints, and explanations to excel in your exam preparations.

The appropriate control for addressing an elevation of privilege threat in the context of STRIDE is role-based access controls (RBAC). This type of access control is specifically designed to restrict access rights based on the roles of individual users within an organization. By assigning users to specific roles, RBAC ensures that individuals only have the permissions necessary to perform their job functions, reducing the risk of unauthorized actions, including the potential for privilege escalation.

Elevation of privilege threats often occur when a user is able to gain access to resources or systems that they shouldn’t normally have access to, typically by exploiting flaws in the access control model. RBAC mitigates this threat effectively by enforcing strict role assignments and ensuring that users cannot exceed their permitted actions based on their defined role within the organization.

In contrast, the other options have limitations in addressing elevation of privilege. Mandatory access controls (MACs) enforce a policy where access depends on security labels or clearances but may not provide the role-specific granularity that RBAC offers. Discretionary access controls (DACs) allow resource owners to make decisions on access permissions, which could lead to misuse or elevated privileges if not managed carefully. Network firewalls primarily focus on filtering traffic based on network-level criteria and do not manage user-level
