The Elevation of Privilege game is designed to help you easily and quickly find threats to software or computer systems. It's the easiest way to start looking at your design from a security perspective and to threat model, intended to be picked up and used by any development group.
Because the game uses STRIDE threats, it gives you a framework for thinking, and specific actionable examples of those threats.
The game consists of 84 cards, including 2 instruction cards, 1 play and strategy flowchart card, 74 playing cards, 6 reference cards, and an ‘about’ card. The cards are in six suits. This is based on the STRIDE mnemonic introduced by Kornfelder and Garg.
STRIDE stands for:
Spoofing: Impersonating something or someone else.
Tampering: Modifying data or code.
Repudiation: Claiming not to have performed an action.
Information Disclosure: Exposing information to someone not authorized to see it.
Denial of Service: Denying or degrading service to users.
Elevation of Privilege: Gain capabilities without proper authorization.