Elevation of Privilege: Drawing Developers into Threat Modeling

Author

  • Adam Shostack
Abstract

This paper presents Elevation of Privilege, a game designed to draw people who are not security practitioners into the craft of threat modeling. The game uses a variety of techniques to do so in an enticing, supportive and non-threatening way. The subject of security tools for software engineering has not generally been studied carefully. This paper shares the objectives and design of the game, as well as tradeoffs made and lessons learned while building it. It concludes with discussion of other areas where games may help information security professionals reach important goals.


Similar resources

A Security Evaluation Method Based on Threat Classification for Web Service

Web service is a distributed computing model constructed on the basis of open standard technology with the characteristics of loose coupling, language neutrality, platform-independence, etc. How to efficiently evaluate the security of Web service is a challenging research topic. Current researches concern more about the testing of Web service and rarely about the issue of service security eval...


Analytical Modeling of Axi-Symmetric Sheet Metal Forming

The cup drawing is a basic deep drawing process. Thus, understanding the mechanics of the cup drawing process helps in determining the general parameters that affect the deep drawing process. There are mainly two methods of analysis; experimental and analytical/numerical. Experimental analysis can be useful in analyzing the process to determine the process parameters that produce a defect free prod...


Technical Report: Creating a Preliminary Cyber Ontology for Insider Threats in the Financial Sector

Insider attack has become a major threat in financial sector and is a very serious and pervasive security problem. Currently, there is no insider threat ontology in this domain and such an ontology is critical to developing countermeasures against insider attacks. In this paper, we create an ontology focusing on insider attacks in the banking domain targeting database systems. We define the tax...


Improving Integer Security for Systems with KINT

Integer errors have emerged as an important threat to systems security, because they allow exploits such as buffer overflow and privilege escalation. This paper presents KINT, a tool that uses scalable static analysis to detect integer errors in C programs. KINT generates constraints from source code and user annotations, and feeds them into a constraint solver for deciding whether an integer e...


Numerical and Experimental Research of Deep Drawing Process

There are mainly two methods of deep drawing analysis; experimental and analytical/numerical. Experimental analysis can be useful in analyzing the process to determine the process parameters that produce a defect free product, and the analytical/numerical modeling can be used to model and analyze the process through all stages of deformation. This approach is less time consuming and more econom...


Publication date: 2014