Storage Work Group Storage Security Subsystem Class: Enterprise FAQs

Trusted Computing Group Storage Work Group
Enterprise Security Subsystem Class Specification FAQ
January 2009

Q. What is the Storage Work Group?
A. The Storage Work Group is an organization within the Trusted Computing Group. It consists of TCG member companies with interests in the implementation of the Trusted Computing Group's methodologies for storage. For more information on the Storage Work Group, please see the documents at www.trustedcomputinggroup.org/developers/storage/.

Q. What is the purpose of the Storage Work Group?
A. The purpose of the Storage Work Group is to provide a set of specifications that enable the implementation of Trusted Storage. Using standards-based encryption techniques and methodologies, the specifications will allow users to store data with protection against theft or loss.

Q. How is the Storage Work Group organized?
A. The Storage Work Group operates under the auspices of the TCG. Membership in the Storage Work Group is determined by TCG bylaws and is open to all TCG members.

Q. Who is participating in the Storage Work Group?
A. Participation in the Storage Work Group includes storage device manufacturers, storage subsystem manufacturers, software vendors, and designers of custom, highly integrated components. Storage and security management and storage integration vendors also participate. A complete list of TCG members is online at www.trustedcomputinggroup.org.

Q. What is the output of this Work Group?
A. The Storage Work Group develops standards and practices for defining the same security services across dedicated storage controller interfaces, including but not limited to ATA, Serial ATA, SAS and Fibre Channel. Storage systems include disk drives, removable media drives, flash storage, and multiple storage device systems.

Q. What is a Security Subsystem Class (SSC)?
A. The Trusted Storage Architecture Core Specification developed in the Storage Work Group provides a comprehensive definition of TCG-related functions for a TCG trusted storage device. However, trusted storage device use cases may not require all Core Specification functionality. There are multiple "classes" of Core Specification compliance called Security Subsystem Classes (SSCs). SSCs explicitly define the minimum acceptable Core Specification capabilities of a storage device in a specific "class".

Q. What is the Enterprise SSC?
A. The Enterprise SSC specification is predicated on ease of implementation and integration. This SSC defines the specifications and methodologies for implementing the Core Specification for fixed media storage devices in high performance storage systems. The Enterprise SSC specification is based on the Trusted Storage Architecture Core Specification Version 1.0 Revision .9.

Q. What is the audience for this specification?
A. The target audience for the Enterprise SSC specification includes system integrators for trusted storage solutions and manufacturers of Enterprise SSC storage devices.

Q. What requirements are satisfied by Enterprise SSC?
A. This SSC provides functionality to protect user data from compromise due to the loss, theft, repurposing or end of life of the storage device. The rapid secure erase of user data is also supported.

Q. How is the media managed in the Enterprise SSC?
A. The Enterprise SSC specification supports multiple storage ranges with each having its own authentication and encryption key. The password, range start, range length and read/write locks for each range are user settable.

Q. Why would a developer want to develop such a device?
A. Based on the growing number of security breaches involving lost or stolen storage, the marketplace is ready for a secure solution with the capability of integration with other devices/systems based on TCG specifications.

Q. How will this device be used?
A. Enterprise storage devices may be used in any market segment requiring protection of data at rest. Governmental agencies, financial services, healthcare, insurance, and military are market examples.

Q. What about DRM?
A. Enterprise storage devices can be provided to help users protect their data and for content owners to protect theirs. As is true with all Trusted Computing Group specifications, the specifications do not specifically provide DRM capabilities or software and do not "lock" a user to a specific software or platform, nor are they intended to reduce a user's access to his or her own content or applications.

Q. When will Enterprise trusted storage devices be available?
A. Product announcements from a disk drive manufacturer and several storage subsystem suppliers have occurred.

Q. Would Enterprise trusted storage devices require a TPM? Are they required to be used in systems with TPMs?
A. A trusted storage device itself does not require a TPM, but for optimal data security and protection, pairing these devices with clients that have TPMs is recommended.

Q. How much redesign of a standard device will be necessary and what will related costs be?
A. Since the TCG Enterprise SSC specification does not specify any modification of recording methods or media formats, it is only the controller IC that requires modification. Although this is not a small modification, high-integration ICs (integrated circuits) minimize both the cost and complexity of the implementation.

Q. Have you taken into account existing standards such as those for SCSI and ATA?
A. SCSI (T10) and ATA (T13) are ANSI/INCITS standards committees that submit their standards to ISO and provide the interface standards for a great variety of storage devices. Many Storage Work Group members are also involved in these public standards so that the specific needs of trusted storage devices are addressed in them. The Storage Work Group has a Storage Interface Interactions Subgroup to handle any necessary interactions with T10 or T13.

Q. Where are the TCG Storage specifications available?
A. The Storage Work Group Trusted Storage Architecture Core Specification Version 1.0 Revision .9, Enterprise SSC and Storage Interface Interaction specifications are available now at: www.trustedcomputinggroup.org/developers/Storage.

Contact: Anne Price
602-840-6495
press@trustedcomputinggroup.org