Elevation of Privilege Game
About
The Elevation of Privilege (EoP) threat modeling card game is the easy way to get started threat modeling. Adam Shostack created it in 2010, after hearing Laurie Williams describe Protection Poker.
Play the Game!
The easiest way to get a nice physical copy is from Agile Stationery (direct, or via Amazon). They have a lovely landing page with more information. You can also download the Creative Commons licensed files from Github or Microsoft. Instructions are included.
If those instructions aren’t enough, there’s now a book! Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture, by Brett Crawley (Packt, 2024). (I was honored to write the foreword.)
In the pandemic, one of the questions I get over and over is “how does it work remotely?” I was initially worried, but I've learned it works great. I’ve learned by doing, and you can too. We now do regular sessions where we play to learn, and they work. You might think we’re biased, and in that case, read what the Financial Times has shared about their experience, or in Dark Reading, Let’s Play! Raising the Stakes for Threat Modeling With Card Games.
Versions
There have been lots of tweaks and bugfixes, documented on github. The biggest changes since 2010 include:
- New cards, many in the Elevation of Privilege suit, but also filling out modern denial-of-service threats to budgets and batteries.
- Less jargon and fewer Microsoft-centered terms; for example, “ACLs” are now permissions, and “everyone (for example, anyone with a hotmail account)” now references Facebook.
Derivatives
Elevation of Privilege helped inspire a movement towards physical security games. Within that, many people have made EoP derivatives, including:
- OWASP Cornucopia, focused on a mix of the Secure Coding Practices, ASVS, Web Testing Guide and more. By Colin Watson, 2012.
- Elevation of Privacy, a privacy-centered version focused on TRIM (Transport, Retention/Removal, Inference, Minimisation), by a team at F-Secure, 2018.
- A privacy-enhanced version adding P to STRIDE (STRIPED) by Mark Vinkovits of LogMeIn. The blog post explaining it has disappeared, but Mark and I spoke at AppSec Cali: Game On! Adding Privacy to Threat Modeling in 2019.
- OWASP Cumulus, a cloud-centered version by a team at TNG Technology Consulting, including a remote version, 2023.
- Elevation of MLsec, a machine learning security variant, by Elias Brattli Sørensen and Jorun Kristin Bremseth, 2024.
Software and tooling
There’s software (Croupier) to help you organize a game with physical cards, a Miroverse template to help you track what’s happening, and software to help you play with virtual cards. Play around with these and find the one that works for you.
- Croupier, a hybrid physical/video framework for playing on a video call. (Agile Stationery)
- A Miroverse template, Threat Modeling with EoP Miro Template by Brett Crawley. He has a guest blog post here explaining how to use it.
- Copi, by Secure Delivery, lets you play either EoP or Cornucopia.
- elevation-of-privilege.herokuapp.com (with source)
- eopgame.herokuapp.com
- eopgame.azurewebsites.net
- An Android version by Digital Interruption
- An Alexa Skill by Fraser Scott
Translations I'm aware of include a French translation by lolkatz, a Japanese translation by Makoto Iguchi, and a German translation by D3tm4r. There is also a Mandarin (Chinese) translation by Microsoft, but I’m not aware of it being available for download.
Other Resources
There are two main presentations: my Black Hat talk, “The easy way to get started threat modeling,” covers some of why the game works, and there’s a longer academic paper presented at 3GSE, “Drawing Developers into Threat Modeling.”
There's also a BoardGameGeek description of Elevation of Privilege, and a number of videos showing how to play, including this one by Sunny Wear.