Elevation of Privilege

Elevation of Privilege is a card game that allows modeling threats to a system.


Agile Method: General Overview

Threat Modeling

A threat model is a tool that helps identify a system’s vulnerabilities in advance and determine ways to address them.

In agile methodology, it is continuously updated. It must follow the existing product and quickly adapt to new developments.

How to achieve this?

Note: This post was translated from French with the help of AI. The original post was written with the knowledge of a younger me.

Diagrams and Schematics

First, it is necessary to document your project. It should have visual representations of its components and information flows.

One way to represent this data is using UML. The problem is that this language is complex to write and update manually.

It is therefore preferable to automate documentation and diagrams as much as possible (whether in UML or another format) to produce them easily with each project update.

If diagrams are done manually, simple sketches are enough. They just need to be understandable by all team members.

Once these diagrams are done, they can be analyzed to identify vulnerabilities—playfully, using the game “Elevation of Privilege”.

Game Rules

For this, plan a phase of the sprint ceremony dedicated to it.

The team sits around a table. The diagram of the project section to be analyzed is spread out on the table for everyone to see.

The “Elevation of Privilege” card game is available below.

Deal all cards to the players. The game starts with the “3 of tampering”. Play proceeds clockwise.

It is very similar to the rules of Tarot.

Each player must follow the lead suit if they hold a card in that suit. Otherwise, they play a card from another suit.

Each trick (one round) is won by the player with the highest card in the lead suit, unless an “Elevation of Privilege” card is played (in which case the highest of these cards wins).

To play a card, the player must announce it and try to find its corresponding threat on the diagram. The system may be resistant to this threat. In this case, the threat cannot be found on the diagram.

The player must clearly state the threat. For it to be valid, it must lead to the creation of a story (opening an NFR or a User Story) in the project.

At the end of the trick (when all players have played a card from their hand), all players who successfully identified their threat on the diagram score a point. If the trick winner also identified their threat, they score an additional point.

The trick winner starts the next trick and chooses the lead suit. Take a few minutes between tricks to review threats.

Figure: Elevation of Privilege Rules

“Elevation of Privilege” cards beat all other cards. They can only be played when the player has no cards in the lead suit (or if the lead suit itself is “Elevation of Privilege”).

Aces are cards that allow finding unanticipated threats in the lead suit. The player must explain the threat itself.

When all cards have been played (all tricks completed), the player with the most points wins.

Figure: Elevation of Privilege Rules, Part 2

Annotate your diagram according to the threats identified.

You can pass a player’s hand to another between tricks. This allows specialized players to play cards that previous players did not understand.

Other players, besides the one announcing their card, can challenge it by finding the announced threat in locations other than those identified by the player. The challenger gains an additional point.
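As an added illustration (not part of the original post or the game's own materials), here is a small Python model of the trick rules above: the follow-suit check, EoP cards acting as trumps, and the per-trick scoring. It assumes a successful challenge is worth exactly one point; the player names and cards are constructed sample data.

```python
from dataclasses import dataclass

EOP = "Elevation of Privilege"  # the trump suit
RANKS = {str(n): n for n in range(2, 11)} | {"J": 11, "Q": 12, "K": 13, "A": 14}

@dataclass(frozen=True)
class Card:
    suit: str   # a STRIDE suit such as "Tampering", or EOP
    rank: str   # "2".."10", "J", "Q", "K", "A"

@dataclass
class Play:
    player: str
    card: Card
    identified: bool  # threat located on the diagram (or explained, for an Ace)

def is_legal(card, hand, lead):
    """Follow-suit rule: play the lead suit if you hold one; any other suit,
    including an EoP trump, is allowed only when void in the lead suit."""
    return card.suit == lead or not any(c.suit == lead for c in hand)

def trick_winner(plays):
    """Highest card of the lead suit wins, unless EoP cards were played,
    in which case the highest EoP card wins."""
    lead = plays[0].card.suit
    trumps = [p for p in plays if p.card.suit == EOP]
    pool = trumps or [p for p in plays if p.card.suit == lead]
    return max(pool, key=lambda p: RANKS[p.card.rank]).player

def score_trick(plays, challengers=()):
    """One point per identified threat, one extra to the trick winner if they
    identified theirs, and one per successful challenge by another player
    (assumption: each challenge is worth exactly one point)."""
    points = {p.player: int(p.identified) for p in plays}
    winner = trick_winner(plays)
    if next(p for p in plays if p.player == winner).identified:
        points[winner] += 1
    for c in challengers:
        points[c] = points.get(c, 0) + 1
    return winner, points

if __name__ == "__main__":
    # Constructed sample trick: Tampering is led; Carol and Dave are void in it.
    trick = [Play("Alice", Card("Tampering", "3"), True),
             Play("Bob", Card("Tampering", "10"), True),
             Play("Carol", Card("Spoofing", "5"), False),
             Play("Dave", Card(EOP, "4"), True)]
    print(score_trick(trick))  # Dave wins on the trump and scores 2
```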

Download “Elevation of Privilege” and its extension “Elevation of Privacy”, with the EoP rules.
