object reuse and data remanence
rob1234
Hi,
I am studying this one and am a little confused. What's the difference between object reuse and data remanence?
Thanks.
Comments
JDMurray
For which CBK domain? Application Security?
rob1234
Yes, but does it mean different things in different CBKs?
BishopB
Data remanence is the residual physical representation of information that was saved and then erased in some fashion. This remanence may be enough to enable the data to be reconstructed and restored to a readable form. This can pose a security threat to a company that thinks it has properly erased confidential data from its media. If the media is reassigned (object reuse), then an unauthorized individual could gain access to your sensitive data (Harris, AIOv5).
JDMurray
Only the CISSP CBK has an Application Security domain, but I think the SSCP CBK should have it too (IMHO).
As BishopB quotes from Harris' AIO, data remanence is traces of data (information) that remain after a removal or deletion operation. The data may be logically removed from a file system or database, but physically the data may still exist in whole or part in a detached and unmanaged state somewhere in memory or on disk.
Object reuse is reusing an existing object to save time and resources. An "object" is an abstract term for anything that's living, running, operating, etc.
For example, a connection to a database can be called a resource object. If you created a database connection, used it, and then destroyed it when you are finished, that would be considered inefficient because of the time and memory it takes to create and destroy the object. It would be more efficient to request a database connection from a pool of preexisting objects, use the connection object, and then release back to the pool when you are finished. That allows a different process or thread to then reuse the connection object.
You can see how object reuse can be an efficient way to share distributed resources, but it can be a security risk if the reused objects contain data (or meta-data) remanence from previous uses.
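Added example, not part of the original thread or of any poster's reply: a small pool of reusable buffers showing how a reused object can carry remanence from its previous holder, next to the same pool scrubbing objects on release. The `BufferPool` class, the `second_user_view` helper and the sample data are hypothetical and constructed for illustration.

```python
from collections import deque


class BufferPool:
    """Pool of reusable fixed-size buffers (hypothetical class for this example)."""

    def __init__(self, count, size, scrub_on_release):
        self._free = deque(bytearray(size) for _ in range(count))
        self._scrub = scrub_on_release

    def acquire(self):
        return self._free.popleft()

    def release(self, buf):
        if self._scrub:
            # Overwrite in place so the next holder finds no residue.
            buf[:] = bytes(len(buf))
        self._free.append(buf)


def second_user_view(pool, first_data, second_data):
    """User 1 stores first_data and releases; user 2 reuses the object,
    writes the shorter second_data, and reads back the whole buffer."""
    buf = pool.acquire()
    buf[:len(first_data)] = first_data
    pool.release(buf)

    reused = pool.acquire()  # same object when the pool holds one buffer
    reused[:len(second_data)] = second_data
    view = bytes(reused)
    pool.release(reused)
    return view


# Constructed sample data, not from the thread.
FIRST = b"user=alice;card=0000-CONSTRUCTED"
SECOND = b"user=bob"

if __name__ == "__main__":
    for scrub in (False, True):
        view = second_user_view(BufferPool(1, 48, scrub), FIRST, SECOND)
        print("scrub" if scrub else "no scrub", view)
```

Scrubbing the `bytearray` clears that one object only; any copies made elsewhere (for example as immutable `bytes`) are not affected.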
rob1234
Thanks guys, that cleared it up.