Announcing Elevation of Privilege: The Threat Modeling Game

Announcing Elevation of Privilege: The Threat Modeling Game

Rate This
  • Comments 4

What

Adam Shostack here. I’m pleased to announce that at RSA this week, Microsoft is releasing Elevation of Privilege, the Threat Modeling Game. Elevation of Privilege is the easiest way to get started threat modeling. EoP is a card game for 3-6 players. Card decks are available at Microsoft’s RSA booth, or for download here. The deck contains 74 playing cards in 6 suits: one suit for each of the STRIDE threats (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service and Elevation of Privilege). Each card has a more specific threat on it.  For example, here’s the 5 of Tampering.

5-of-tampering

The threat is “an attacker can replay data without detection because your code doesn’t provide timestamps or sequence numbers.”

Why

Because we want everyone developing software to threat model, and there’s no better way to get people to do what you want than to ensure they have fun while doing it.

How

Everyone in software draws diagrams. From pictures on napkins or whiteboards to DFDs, UML or other formalisms, everyone diagrams.

  • You start with such a diagram (ideally, one focused on data flows) and deal the cards to 3-6 players. You’ll also want to assign someone to take notes.
  • Play starts with the 3 of Tampering. The player with that card reads it out, and explains how the threat on the card (“An attacker can take advantage of your custom key exchange or integrity control which you built instead of using standard crypto") might apply to the system you’re building. If they can provide a credible threat, they get a point. A credible threat here is one for which you’d file a bug.
  • Play proceeds clockwise until each player has had a chance to play a card. Each player needs to play in suit if they have a card in suit.
  • When each player has played, the highest numbered card played wins. [Ace is high] The player who won gets a point for the hand, and gets to lead the next hand, including picking the suit that leads that next hand.
  • If a player doesn’t have a card in the hand that was lead, they may play any card. Elevation of Privilege cards are “trumps” that beat any other suit. Only the suit lead or Elevation of Privilege can win the hand.

When you’re done (all the cards have been played), count up the points, give the winner a pat on the back, and have someone file bugs.

That may seem a little complex, but it’s pretty simple when you have cards in hand. There’s a video of me explaining the game here and of people playing on the launch page. There’s also a strategy card in the deck with a flowchart to help you decide what card to play.

When

Right now! If you’re at RSA, come by the Microsoft booth, or download the cards here

Who

If you’re developing software, this is for you. We’d love to hear your feedback here, we’d love for you to blog about it, but most of all we’d love for you to play Elevation of Privilege.

Once you have, we’d also like you to play with the idea of serious games for threat modeling and security. To help you get started, we’re making Elevation of Privilege available under a Creative Commons Attribution license which gives you freedom to share, adapt and remix the game.

Acknowledgements

I want to thank Austin Hill of Akoha for introducing me to the wide field of serious games (see http://www.seriousgames.org/ or http://en.wikipedia.org/wiki/Serious_game for some more on the broad concept), and Laurie Williams of North Carolina State University for designing “Protection Poker,” which inspired me to design Elevation of Privilege.

Comments
  • I'm a brazilian security analist, and a great fan of the game Elevation of Privilege! But I would like to translate it to my own language. Is there a way to do it? Thanks a lot!

  • Hello Carlos - thanks for your interest in translating the game into your language. We have uploaded the native files for the EoP card game at www.microsoft.com/.../details.aspx for users to download and modify per their own needs.

  • Hello Adam Shostack and The SDL Team!

    I've been a fan of Elevation of Privilege game since I first heard about it over a year ago, in May 2010. I didn't realize it was available under Creative Commons License 3.0 until now. That is great! I've had many ideas about adapting and sharing the game, but never did due to licensing concerns.

    While I realize that Microsoft kindly makes the game available via download, I wondered: Might I buy or work for an actual deck of cards, like those distributed originally at Microsoft's RSA booth in March 2010? Any info would be appreciated.

  • Hi EllieK - thanks for your interest in the Elevation of Privilege Card Game. We are currently not offering Elevation of Privilege Card Games for purchase.

    However, as the license (creativecommons.org/.../us) under which the card game was released allows anyone to create card decks and sell them for a profit, feel free to create some yourself and sell them if you think others might be interested in purchasing them.

    The native files of the game are available for download at: www.microsoft.com/.../details.aspx

Page 1 of 1 (4 items)
Leave a Comment
  • Please add 3 and 5 and type the answer here:
  • Post