Devika Gibbs 20 November 2020

Don't lose physical touch with Elevation of Privilege

As we all continue to work remotely, there are things we increasingly miss about being together in the office. The Elevation of Privilege card game is a great example of what worked well in a physical workspace, with developers getting together in a room to threat model as if they were playing Spades.

Finding threats in your systems like playing a game of Spades serves multiple purposes:



Turning it into a game lowers the stakes and provides a safe environment for creative exploration of the security problem. 



Assigning threat models to players helps make use of detailed context known to each player. 


The Unexpected

Randomly dealing out threats to players prompts the sharing of tacit knowledge that cannot reliably be located in advance.

How to play remotely using physical cards?

The overall process is as follows:

  • Send out physical decks to every member of the team. Agile Stationery can help pack and ship to multiple addresses.
  • One or more teammates collaborate to produce or update a suitable diagram of the system, such as a data flow diagram.
  • A Games Master randomly generates "hands" of cards for each player using the online hand-dealing tool for EoP and Cornucopia.  
  • The Games Master books the meeting and sets up the video call. The calendar invitation will contain every player's hands.  
  • Players work in rounds to beat each other at matching the most serious threat to the system diagram, using the normal game rules.  
  • The Games Master records where the threats were found and uses your organisation's normal systems to manage the work of checking up on and mitigating the threat.
  • Scores are calculated and a winner is declared.

The Card Trading Rule

One of the less well-used optional rules in Elevation of Privilege permits players to swap cards mid-game.

The great thing about this rule is that threats which players have failed to find in the system diagram might yet be found by players with different backgrounds and knowledge.
How users come to identify a possible trade is not specified. We believe that encouraging players to spend time with their own copies of the game deck and pull out their own hand is an aid to setting up trades.

When sending out the hands, copy them from the tool into the group's calendar invitation so that the hands are not a secret.

Why use Physical decks?

A key reason Elevation of Privilege was designed as a box of cards was that "as a physical item it draws attention, and allows people to point at it in ways that are potentially awkward with a screen." (source: EoP Whitepaper by Adam Shostack). This remains important even as we work remotely. The deck serves as a constant reminder to threat model. It acts as a compact reference even for years - like a well-thumbed thesaurus!
The deck itself contains 84 cards, with 74 cards dedicated to cyber security anti-patterns within a 6-category framework called STRIDE, making it an excellent source of cyber security content in a compact form.

Online tools are designed to play out over a short period of time, perhaps an hour or two at the most. If you're using online tools that display one random card at a time, the players engage with each threat only at the moment it is shown.

Playing remotely with a physical deck engages players in the subject matter for much longer than that. You receive the deck. You go through it as you fetch your hand. You're engaged before the game has even started. You're engaged for longer, thinking about the cards in the back of your head, while working on code. 

Introducing Croupier - The online hand-dealing tool

Ready to invest?

If you're convinced to invest in a deck of cards that could change the face of security in your development team, explore our cyber security range here. An automatic discount of 20% will be applied when you buy 3 or more decks for your team.
