Authentication Modeling with Five Generic Processes
This work addresses a conceptual gap in modeling languages for security specification, but it appears incremental as it builds on existing modeling approaches without introducing a new paradigm.
The paper tackled the lack of genericity in current modeling languages for security specification by proposing five generic processes (creating, releasing, transferring, receiving, and processing) to model system behavior, and demonstrated that these processes are sufficient to represent authentication schemes like public key infrastructure, biometric, and multifactor authentication.
Conceptual modeling is an essential tool in many fields of study, including security specification in information technology systems. As a model, it restricts access to resources and identifies possible threats to the system. We claim that current modeling languages (e.g., Unified Modeling Language, Business Process Model and Notation) lack the notion of genericity, which refers to a limited set of elementary processes. This paper proposes five generic processes for modeling the structural behavior of a system: creating, releasing, transferring, receiving, and processing. The paper demonstrates these processes within the context of public key infrastructure, biometric, and multifactor authentication. The results indicate that the proposed generic processes are sufficient to represent these authentication schemes.