Adam Shostack is the founder and President of Shostack & Associates. He was part of Microsoft’s Security Development Lifecycle (SDL) Strategy team for several years and was instrumental in overhauling Microsoft’s SDL threat modeling system. He also created Microsoft’s Elevation of Privilege (EOP) threat modeling card game.
What is an Elevation of Privilege?
An elevation of privilege occurs when a user or application gains rights (i.e., privileges) that should not be available to it. For example, a system user who should have “read-only” permission somehow elevates their privileges to include “read and write” permissions.
Elevation of Privilege: The Threat Modeling Game is a card game for 3-5 players that Adam Shostack designed to draw people who are not information security practitioners or experts into the craft of threat modeling. The game uses a variety of techniques to accomplish this and does so in an enticing, supportive, and non-threatening way. You can download the Elevation of Privilege threat modeling card game for free from Microsoft.
Explore more via Adam Shostack (@adamshostack) on Twitter.