object reuse and data remanence

rob1234 Banned Posts: 151
Hi,

I am studying this one and am a little confused. What's the difference between object reuse and data remanence?

Thanks.

Comments

  • JDMurray Admin Posts: 13,031
    For which CBK domain? Application Security?
  • rob1234 Banned Posts: 151
    Yes, but does it mean different things in different CBKs?
  • BishopB Registered Users Posts: 3
    Data remanence is the residual physical representation of information that was saved and then erased in some fashion. This remanence may be enough to enable the data to be reconstructed and restored to a readable form. This can pose a security threat to a company that thinks it has properly erased confidential data from its media. If the media is reassigned (object reuse), then an unauthorized individual could gain access to your sensitive data (Harris, AIOv5).
  • JDMurray Admin Posts: 13,031
    Only the CISSP CBK has an Application Security domain, but I think the SSCP CBK should have it too (IMHO).

    As BishopB quotes from Harris' AIO, data remanence is traces of data (information) that remain after a removal or deletion operation. The data may be logically removed from a file system or database, but physically the data may still exist in whole or part in a detached and unmanaged state somewhere in memory or on disk.

    Object reuse is reusing an existing object to save time and resources. An "object" is an abstract term for anything that's living, running, operating, etc.

    For example, a connection to a database can be called a resource object. If you created a database connection, used it, and then destroyed it when you are finished, that would be considered inefficient because of the time and memory it takes to create and destroy the object. It would be more efficient to request a database connection from a pool of preexisting objects, use the connection object, and then release it back to the pool when you are finished. That allows a different process or thread to then reuse the connection object.

    You can see how object reuse can be an efficient way to share distributed resources, but it can be a security risk if the reused objects contain data (or meta-data) remanence from previous uses.
  • rob1234 Banned Posts: 151
    Thanks guys, that cleared it up :D
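
The pooled-connection scenario described in the thread, as an added example that is not part of the original posts: one pooled object is handed to two borrowers in turn, once without and once with scrubbing on release. The `Connection` and `Pool` classes, the user names and the payloads are hypothetical and constructed for illustration.

```python
class Connection:
    """Stand-in for a pooled resource: a fixed buffer plus session metadata."""

    def __init__(self, size=32):
        self.buf = bytearray(size)
        self.user = None

    def run(self, user, payload):
        # A request overwrites only as many bytes as its payload needs,
        # so anything beyond that length is left over from earlier use.
        self.user = user
        self.buf[:len(payload)] = payload

    def scrub(self):
        # Zero the buffer in place and drop the metadata before reuse.
        self.buf[:] = bytes(len(self.buf))
        self.user = None


class Pool:
    """Single-object pool; scrub_on_release selects the safe behaviour."""

    def __init__(self, scrub_on_release):
        self._free = [Connection()]
        self._scrub = scrub_on_release

    def acquire(self):
        return self._free.pop()

    def release(self, conn):
        if self._scrub:
            conn.scrub()
        self._free.append(conn)


def residue_seen_by_second_borrower(scrub_on_release):
    """Return (leftover user, leftover bytes) visible to the second borrower."""
    pool = Pool(scrub_on_release)
    first = pool.acquire()
    first.run("alice", b"token=CONSTRUCTED-SECRET")  # constructed sample data
    pool.release(first)

    second = pool.acquire()          # object reuse: same Connection instance
    leftover_user = second.user      # metadata remanence, read before any write
    second.run("bob", b"ping")       # shorter payload than alice's
    leftover = bytes(second.buf[4:]).rstrip(b"\x00")  # data remanence
    return leftover_user, leftover


if __name__ == "__main__":
    print("no scrub:", residue_seen_by_second_borrower(False))
    print("scrub   :", residue_seen_by_second_borrower(True))
```
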