PrepAway - Latest Free Exam Questions & Answers

What security problem is most likely to exist if an ope…

What security problem is most likely to exist if an operating system permits objects to be used sequentially by
multiple users without forcing a refresh of the objects?

PrepAway - Latest Free Exam Questions & Answers

A.
Disclosure of residual data.

B.
Unauthorized obtaining of a privileged execution state.

C.
Data leakage through covert channels.

D.
Denial of service through a deadly embrace.

Explanation:
Allowing objects to be used sequentially by multiple users without a refresh of the objects can lead to disclosure
of residual data. It is important that steps be taken to eliminate the chance for the disclosure of residual data.
Object reuse refers to the allocation or reallocation of system resources to a user or, more appropriately, to an
application or process. Applications and services on a computer system may create or use objects in memory
and in storage to perform programmatic functions. In some cases, it is necessary to share these resources
between various system applications. However, some objects may be employed by an application to perform
privileged tasks on behalf of an authorized user or upstream application. If object usage is not controlled or the
data in those objects is not erased after use, they may become available to unauthorized users or processes.
Disclosure of residual data and Unauthorized obtaining of a privileged execution state are both a problem with
shared memory and resources. Not clearing the heap/stack can result in residual data and may also allow the
user to step on somebody’s session if the security token/identify was maintained in that space. This is generally
more malicious and intentional than accidental though. The MOST common issue would be Disclosure of
residual data.
Incorrect Answers:
B: Unauthorized obtaining of a privileged execution state is not a problem with Object Reuse.
C: A covert channel is a communication path. Data leakage would not be a problem created by Object Reuse.
In computer security, a covert channel is a type of computer security attack that creates a capability to transfer
information objects between processes that are not supposed to be allowed to communicate by the computer
security policy. The term, originated in 1973 by Lampson is defined as “(channels) not intended for information
transfer at all, such as the service program’s effect on system load.” to distinguish it from Legitimate channels
that are subjected to access controls by COMPUSEC.
D: Denial of service through a deadly embrace is not a problem with Object Reuse.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 424
https://www.fas.org/irp/nsa/rainbow/tg018.htm
http://en.wikipedia.org/wiki/Covert_channel


Leave a Reply