Elevation of Privilege: Drawing Developers into Threat Modeling Adam Shostack

Background
15 years of structured security approaches at Microsoft
– Threat modeling (“Threats to our Products”, 1999)
– STRIDE: mnemonic for common threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
– Security Development Lifecycle, 2002
Security experts versus others

Motivation: The game
Observations of threat modeling
– A security-expert-only activity?
– Smart people not steeped in security… stymied
Goal: a way to do and learn which is
– Non-threatening
– Enticing
– Supportive
Protection Poker

Motivation: This talk
Share the journey
Hope to inform future game designers
“Fortune favors the prepared mind” – Louis Pasteur

Elevation of Privilege: The Game
Game mechanic borrowed from no-bid Spades
Equipment:
– Card deck, whiteboard
– Cards in 6 suits, based on STRIDE
– Each card has a “hint”
Played in tricks, high card wins
– High card in the suit led, or in the trump suit
CC-BY 3.0 licensing

Prototype
Have suit, #, hint
On-card space for recording
System for “riffing” on threats
I bet you think this threat is about YOU
1 deck -> 1 use!
Complex scoring

Design Tradeoffs
Card size
Game/Gamification
– Points, badges, leaderboards?
– Authenticity
Hint construction
Depth/Breadth
Physical cards?
Graphic design investment

Serendipity
Game more popular outside Microsoft
– Can’t force play
– Ask people to suspend skepticism
– Learning versus core job skill (see Smith, 2011)
Game results in a real threat model
– Learn as you do
– Unusual feature
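The trick mechanic from the game slide (six STRIDE suits, high card in the suit led wins unless a trump is played) and the point above that a round of play leaves behind a real threat model, worked through as an added example. This is not code from the talk, from the published deck, or from Microsoft. The rank range 2..14, the choice of Elevation of Privilege as the trump suit, the absence of a follow-suit rule, the player names, and every hint and threat string are assumptions constructed here for illustration.

```python
"""Trick resolution and threat capture for an Elevation of Privilege style
card game.

Added example, not code from the talk or from the published game: the
rank range 2..14, the choice of trump suit, the lack of a follow-suit rule
and the sample hints and threats below are all assumptions made here.
"""
from dataclasses import dataclass, field
from typing import Optional

# The six suits follow the STRIDE mnemonic, as the talk describes.
SUITS = (
    "Spoofing",
    "Tampering",
    "Repudiation",
    "Information Disclosure",
    "Denial of Service",
    "Elevation of Privilege",
)

# Assumption: one suit is trump, as in Spades; Elevation of Privilege is used here.
TRUMP = "Elevation of Privilege"


@dataclass(frozen=True)
class Card:
    suit: str
    rank: int   # assumption: 2 (low) .. 14 (ace, high), as in a Spades deck
    hint: str   # constructed placeholder text, not the wording on the real deck

    def __post_init__(self) -> None:
        if self.suit not in SUITS:
            raise ValueError(f"unknown suit: {self.suit!r}")
        if not 2 <= self.rank <= 14:
            raise ValueError(f"rank out of range: {self.rank}")


@dataclass(frozen=True)
class Play:
    player: str
    card: Card
    threat: Optional[str] = None   # the concrete threat the player "riffs" from the hint


def trick_winner(plays: list, trump: str = TRUMP) -> Play:
    """High card wins: the highest trump if any trump was played, otherwise
    the highest card of the suit that was led. Off-suit, non-trump cards
    can never win the trick."""
    if not plays:
        raise ValueError("a trick needs at least one play")
    led = plays[0].card.suit
    trumps = [p for p in plays if p.card.suit == trump]
    candidates = trumps or [p for p in plays if p.card.suit == led]
    return max(candidates, key=lambda p: p.card.rank)


@dataclass
class ThreatModel:
    """Threats named during play, grouped by STRIDE category: the game's
    real output, alongside who won which trick."""
    threats: dict = field(default_factory=lambda: {s: [] for s in SUITS})

    def record(self, play: Play) -> bool:
        if not play.threat:
            return False
        self.threats[play.card.suit].append(play.threat)
        return True

    def count(self) -> int:
        return sum(len(v) for v in self.threats.values())


def play_trick(plays: list, model: ThreatModel, trump: str = TRUMP) -> str:
    """Resolve one trick: every threat named is recorded, and the name of
    the trick winner is returned."""
    for p in plays:
        model.record(p)
    return trick_winner(plays, trump).player


def demo():
    """Two constructed tricks, three players, target: a hypothetical login service."""
    model = ThreatModel()
    trick1 = [
        Play("Alice", Card("Tampering", 5, "data modified in transit"),
             "Legacy endpoint still accepts the session cookie over plain HTTP"),
        Play("Bob", Card("Tampering", 9, "config file altered"),
             "Service config on the build host is world-writable"),
        # The lowest trump beats the highest card of the suit led.
        Play("Carol", Card("Elevation of Privilege", 2, "code runs as a higher-privilege user"),
             "Setuid helper resolves binaries through the caller's PATH"),
    ]
    trick2 = [
        Play("Alice", Card("Repudiation", 10, "action cannot be attributed"),
             "Password resets are not logged with the requesting IP"),
        Play("Bob", Card("Repudiation", 12, "logs can be altered"), None),
        # Off-suit and not trump: an ace of another suit does not win.
        Play("Carol", Card("Denial of Service", 14, "resource exhausted"),
             "Unbounded login attempts lock out real users"),
    ]
    winners = [play_trick(trick1, model), play_trick(trick2, model)]
    return winners, model


if __name__ == "__main__":
    winners, model = demo()
    print("trick winners:", winners)
    for suit, found in model.threats.items():
        if found:
            print(f"{suit}: {found}")
```

Running the module plays the two constructed tricks and prints the winners and the threats collected per STRIDE category. A player who names no threat still competes for the trick, which is the "learn as you do" property: the scoring mechanic and the threat model are produced by the same play.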

Resources: Threat Modeling: Designing for Security (Wiley, 2014)