Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.

README.md

The Elevation of Privilege Threat Modeling Card Deck

I created Elevation of Privilege while at Microsoft. I'm creating this repository to have a single location for bugfixes, encourage more derivative work, and all the other goodness that a git repository can bring. At https://www.microsoft.com/en-us/download/details.aspx?id=20303, Microsoft released these under a CC-BY-3.0 license; all these files are maintained under the same license.

Elevation of Privilege (EoP) is the easy way to get started threat modeling. It is designed to make threat modeling easy and accessible for developers and architects. Threat modeling is a core security practice during the design phase of the Microsoft Security Development Lifecycle (SDL). The EoP card game helps examine possible threats to software and computer system. This game is licensed under the Creative Commons Attribution 3.0 United States License. Native files of the game are made available to allow editing, localization, and printing of the game. To view the full content of this license, visit http://creativecommons.org/licenses/by/3.0/us/

There are a set of variants which I track on the threat modeling book website, https://www.threatmodelingbook.com/resources including both German and Japanese translations, online versions, an Alexa skill, and places you can obtain professionally printed cards.

Notes and clarifications

The most complete source of information on the cards is Appendix D of Threat Modeling: Designing for Security. Even if you don't have a copy of the book, you can often see the appendix via Amazon or Google "look inside" features.

  • The Queen of Information Disclosure differs from the King because with the Queen, messages may be encrypted, even if the channel is not.

Privacy variants

There are two independently created privacy variants:

About

The Elevation of Privilege Threat Modeling Game

Resources

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.