Stale-Safe Security Properties for Group-Based Secure Information Sharing

Attribute staleness arises due to the physical distribution of authorization information, decision and enforcement points. This is a fundamental problem in virtually any secure distributed system in which the management and representation of authorization state is not centralized. This problem is so intrinsic, it is inevitable that access control will be based on attribute values that are stale. While it may not be practical to eliminate staleness, people can limit unsafe access decisions made based on stale subject and object attributes. In this paper, the authors propose and formally specify four stale-safe security properties of varying strength which limit such incorrect access decisions.