dc.contributor.author | Tøndel, Inger Anne | |
dc.contributor.author | Oyetoyan, Tosin Daniel | |
dc.contributor.author | Jaatun, Martin Gilje | |
dc.contributor.author | Cruzes, Daniela Soares | |
dc.date.accessioned | 2019-01-31T12:13:11Z | |
dc.date.available | 2019-01-31T12:13:11Z | |
dc.date.created | 2018-09-24T11:46:26Z | |
dc.date.issued | 2018 | |
dc.identifier.isbn | 978-1-4503-6455-3 | |
dc.identifier.uri | http://hdl.handle.net/11250/2583336 | |
dc.description.abstract | The goal of secure software engineering is to create software that keeps performing as intended even when exposed to an active attacker. Threat modelling is considered to be a key activity, but can be challenging to perform for developers. Microsoft has tried to lower the bar through creating a threat modelling game called Elevation of Privilege (EoP), but anecdotal evidence suggests that it has seen little use in actual development projects. To learn more about challenges facing adoption of EoP, we performed a case study in a university setting comprising several agile development projects. The results show that the game aided in discussing and learning about software security, but the impact on development seems to have been limited. In addition, challenges related to game dynamics, relevance of hints on the cards, and the time needed to play the game, limits the acceptance of the game | nb_NO |
dc.language.iso | eng | nb_NO |
dc.publisher | Association for Computing Machinery (ACM) | nb_NO |
dc.relation.ispartof | HoTSoS '18,Proceedings of the 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, Raleigh, North Carolina, April 10-11, 2018 | |
dc.title | Understanding challenges to adoption of the Microsoft Elevation of Privilege game | nb_NO |
dc.type | Chapter | nb_NO |
dc.description.version | acceptedVersion | nb_NO |
dc.identifier.doi | 10.1145/3190619.3190633 | |
dc.identifier.cristin | 1612891 | |
dc.relation.project | Norges forskningsråd: 247678 | nb_NO |
dc.description.localcode | © ACM, 2018. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACM Transactions of Computing Education, https://doi.org/10.1145/3190619.3190633 | nb_NO |
cristin.unitcode | 194,63,10,0 | |
cristin.unitname | Institutt for datateknologi og informatikk | |
cristin.ispublished | true | |
cristin.fulltext | postprint | |
cristin.qualitycode | 1 | |