MoFAC: A Model for Fine-grained Access Control

  • Johan S. von Solms
  • Martin S. Olivier
  • Sebastiaan H. von Solms
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT)


Access control in Information Technology (IT) systems, also known as Authorization, is one of the cornerstones of any Information Security Policy. The granularity of such access control can be on different levels, for example on volume (disc pack) level, database level, table level, and even on individual record (or tuple) and data field level. Although very fine-grained access control, for example on record level, is often required, in most systems access control on table level is used. The reason is that the management process is significantly easier and simpler the courser the level of control becomes.

MoFAC presents a model in which access control is finer than table level, but where the increase in complexity and management stays within acceptable limits.


Authorization Access control Distributed systems Role-based security 


  1. Baker, R (1991) Computer Security Handbook, TAB Reference Books.Google Scholar
  2. Bull, JA, Gong, L and Sollins, KR (1992) Towards Security in an Open Systems Foundation, 3–20 in Computer Security—ESORICS 92. Second European Symposium on Research in Computer Security (eds Y Deswarte, G Eizenberg and J-J Quisquater), Springer-Verlag, Amsterdam.CrossRefGoogle Scholar
  3. Farrow, R (1991) UNIX System Security, Addison-Wesley.Google Scholar
  4. Holbein, R and Teufel, S (1995) A Context Authentication Service for Role Based Access Control in Distributed Systems, 270–275 in Information Security—the Next Decade (eds JHP Eloff and SH von Solms), Chapman & Hall.CrossRefGoogle Scholar
  5. ISSA (1994) Single Sign-On Requirements, Greater New York ISSA Chapter Subcommittee on SSO.Google Scholar
  6. Kay, R, (1994) Distributed and Secure, Byte, 19, 6, 165–180.Google Scholar
  7. Muftic, S (1991) Security Mechanisms for Computer Networks, Ellis Horwood.Google Scholar
  8. Pfleeger, CP (1989) Security in Computing, Prentice-Hall.Google Scholar
  9. Sandhu, RS (1993) Lattice-based Access Control Models, IEEE Computer, 9–19.Google Scholar
  10. UNIX International (1990) UNIX System V Security, UNIX International.Google Scholar
  11. Varadharajan, V (1995) Distributed Object System Security, 305–321 in Information Security—the Next Decade (eds JHP Eloff and SH von Solms), Chapman amp; Hall.CrossRefGoogle Scholar
  12. Von Solms, JS, Olivier, MS and Von Solms, SH (1995) Authorization in the Distributed Object Environment MOdel for Fine-grained Access Control (MoFAC), Poster, IT Sicherheit ’85, Graz, Austria.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 1996

Authors and Affiliations

  • Johan S. von Solms
    • 1
  • Martin S. Olivier
    • 1
  • Sebastiaan H. von Solms
    • 1
  1. 1.Department of Computer ScienceRand Afrikaans UniversityJohannesburgSouth Africa

Personalised recommendations