Threat Modeling Card Game "Elevation of Privilege (EoP)"

Many people don't know or haven't heard of threat modeling let alone know how to do it.

Hackers and crackers break assumptions we have made for how a system will be used.

But how to make the right assumptions? One way is to predict evil based on past known threats.

This might be a good start but it's not enough because hackers will also break the assumptions we make based on past attacks and change their behavior. 

The better assumption is that all input is potentially hostile and has to be treated as such.

Even data that's passed on within the same trust boundary could in the future become external input, when we choose to expose a former internal function via an API or interface.

Microsoft's Elevation of Privilege Card Game (EoP) is a serious game for developers, architects and engineers to playfully examine their project for various threats and adopt the above mentioned mindset.

The game is based on the STRIDE method for threat modeling:

  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege

The game contents and card templates are provided by Microsoft under Creative Commons CC By license but I haven't found a source where you can purchase ready to play printed card decks.

So I had the English version of the cards printed at a company who offers printing of custom playing cards and who did a great job of it.

Playing the game for the first time you will notice that many threats could actually fall into more than just one of the STRIDE categories, but this is a common problem with taxonomy, so you shouldn't nitpick on that and rather have fun playing the game.

Right now I am reading the excellent book Threat Modeling: Designing for Security by Adam Shostack who is responsible for security development lifecycle threat modeling at Microsoft and one of not so many experts in the field.

Before I dig deeper into the other contents of the book I wanted to understand STRIDE and learn how to play the EoP card game, which is not too hard to learn but has at least some caveats.

My goal is not only to play the game myself but also to teach others playing it, so they learn how to threat model their projects.

I think this is way more effective and much more fun than finding vulnerabilities in productive applications and telling developers what they have done wrong and how to fix it.

To make it easier for my German speaking "target group" and for me to better understand the threats myself so I am able to explain them I have translated the card game.

Edit 2015-01-31: Here's my github repo containing native, pdf and text files:

The textfiles in github repo not only contain the translated text but also some notes and examples.

If you have questions or remarks or just would like to discuss the topic you can contact me via Twitter or comment this blog post.

If you like my translation, have resources/funding for printing and want to give something back, you can make me very happy by sending me a printed German card deck. Contact me via twitter or email. 

Views: 2832


You need to be a member of Dissecting The Hack to add comments!

Join Dissecting The Hack

Comment by Faraday on November 6, 2015 at 8:31pm

Thanks! This is great! 

Latest Activity

Vivian Rivera updated their profile
Mar 2
Steve Brandidge updated their profile
Jan 28
SUR3SH0T updated their profile
Oct 20, 2020
Anton Vyacheslav is now a member of Dissecting The Hack
Dec 9, 2018

Stratagem 13 News Feed

© 2021   Created by Marcus J. Carey.   Powered by

Badges  |  Report an Issue  |  Terms of Service