object reuse and data remanence

rob1234rob1234 Banned Posts: 151
Hi,

I am studying this one and am a little confused, whats the difference between object reuse and data remanence?

Thanks.

Comments

  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,718 Admin
    For which CBK domain? Application Security?
  • rob1234rob1234 Banned Posts: 151
    Yes, but does it mean different things in different CBKs?
  • BishopBBishopB Registered Users Posts: 3 ■□□□□□□□□□
    Data remanence is the residual physical representation of information that was saved and then erased in some fashion. This remanence may be enough to enable the data to be reconstructed and restored to a readable form. This can pose a security threat to a company that thinks it has properly erased confidential data from its media. If the media is reassigned (object reuse), then an unauthorized individual could gain access to your sensitive data (Harris, AIOv5).
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,718 Admin
    Only the CISSP CBK has a Application Security domain, but I think the SSCP CBK should have it too (IMHO).

    As BishopB quotes from Harris' AIO, data remanence is traces of data (information) that remain after a removal or deletion operation. The data may be logically removed from a file system or database, but physically the data may still exist in whole or part in a detached and unmanaged state somewhere in memory or on disk.

    Object reuse is reusing an existing object to save time and resources. An "object" is an abstract term for anything that's living, running, operating, etc.

    For example, a connection to a database can be called a resource object. If you created a database connection, used it, and then destroyed it when you are finished, that would be considered inefficient because of the time and memory it takes to create and destroy the object. It would be more efficient to request a database connection from a pool of preexisting objects, use the connection object, and then release back to the pool when you are finished. That allows a different process or thread to then reuse the connection object.

    You can see how object reuse can be an efficient way to share distributed resources, but it can be a security risk if the reused objects contain data (or meta-data) remanence from previous uses.
  • rob1234rob1234 Banned Posts: 151
    Thanks guys that cleared it up :D
Sign In or Register to comment.