New storage standards from The Trusted Computing Group



Coming to disk drives in 2007
A trust-based architecture depends on a chain in which multiple systems, applications and devices are bound by formal, tamperproof trust relationships. To that end, TCG plans to publish its Storage Work Group specifications in early 2007; they can be viewed as an extension of the existing TPM model into the storage device itself.

The Storage Work Group specifications provide three main security and operational benefits:

  1. Introduce trust relationships between storage devices and hosts. Through mutual identification and authentication of hosts and storage devices, the trust environment is extended beyond the TPM into the storage device, which limits who can read from or write to it.

  2. Enable secure control over storage device features. A TCG-enabled storage device can be placed in a "trusted state" that enables specific configurations or security features. In this way, TCG-enabled storage provides protected storage for specific users, systems or applications, and gives exclusive control over data-at-rest encryption on the device.

  3. Create secure communications between storage devices and hosts. Session-oriented security commands are layered on top of ordinary host-to-storage traffic through the security extensions of SCSI (ANSI/INCITS T10, the SECURITY PROTOCOL IN/OUT commands) and ATA (ANSI/INCITS T13, the TRUSTED SEND/RECEIVE commands); the security payload is carried inside those commands rather than as new read/write opcodes.
In the TCG model, the storage device can become the "root of trust." Storage devices can be configured to communicate with other trusted entities and to enforce security policies themselves.

Like the PC implementation, TCG-enabled storage builds its security functionality into device-resident security processors and firmware, where host software cannot move or alter it. TCG-enabled storage devices contain cryptographic engines and support different trust-based applications for protected storage. Security services are invoked through specific APIs that isolate the storage functions behind a "trust boundary"; only trusted entities with access to, and authorization for, that API can see and use the trusted storage functionality.
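To make the host/device trust relationship from items 1 and 3 above concrete, here is an added example in Python. It is not code from the TCG specifications or from any drive vendor: it is a toy model in which the device holds per-authority credentials behind its own trust boundary, opens a session only after a mutual challenge-response exchange, and refuses reads and writes outside an authenticated session. The authority name "User1", the HMAC-SHA256 proof construction, the message layout, the block layout and the sample key are all assumptions made for illustration; the real TCG command set and session protocol are not reproduced here.

```python
import hashlib
import hmac
import os


class TrustedDevice:
    """Toy model of a trusted storage device (added illustration, not the TCG
    Storage Work Group command set). Credentials live inside the device and are
    never returned to the host; data is only served through an open session."""

    def __init__(self, credentials, blocks=8):
        self._creds = dict(credentials)   # authority name -> shared key (device-resident)
        self._data = [b"\x00" * 16 for _ in range(blocks)]
        self._sessions = {}               # session id -> authority name
        self._pending = {}                # device nonce outstanding per authority

    # Step 1: the host asks for a challenge and the device issues a fresh nonce.
    def challenge(self, authority):
        if authority not in self._creds:
            raise PermissionError("unknown authority")
        nonce = os.urandom(16)
        self._pending[authority] = nonce
        return nonce

    # Step 2: the host proves knowledge of the key over both nonces; the device
    # verifies the proof, opens a session and returns its own proof so the host
    # can verify the device in turn (the "mutual" part of the handshake).
    def start_session(self, authority, host_nonce, host_proof):
        dev_nonce = self._pending.pop(authority, None)   # each nonce is usable once
        if dev_nonce is None:
            raise PermissionError("no outstanding challenge")
        key = self._creds[authority]
        expected = hmac.new(key, b"host" + dev_nonce + host_nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, host_proof):
            raise PermissionError("host authentication failed")
        sid = os.urandom(8)
        self._sessions[sid] = authority
        dev_proof = hmac.new(key, b"device" + host_nonce + dev_nonce, hashlib.sha256).digest()
        return sid, dev_proof

    def read(self, sid, lba):
        self._require(sid)
        return self._data[lba]

    def write(self, sid, lba, payload):
        self._require(sid)
        self._data[lba] = payload

    def close(self, sid):
        self._sessions.pop(sid, None)

    def _require(self, sid):
        if sid not in self._sessions:
            raise PermissionError("no authenticated session")


class Host:
    """Host side of the handshake; holds the credential for one authority."""

    def __init__(self, authority, key):
        self.authority, self.key = authority, key

    def open(self, device):
        dev_nonce = device.challenge(self.authority)
        host_nonce = os.urandom(16)
        proof = hmac.new(self.key, b"host" + dev_nonce + host_nonce, hashlib.sha256).digest()
        sid, dev_proof = device.start_session(self.authority, host_nonce, proof)
        expected = hmac.new(self.key, b"device" + host_nonce + dev_nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, dev_proof):   # device did not prove itself
            device.close(sid)
            raise PermissionError("device authentication failed")
        return sid


def demo():
    """Exercise the model: unauthenticated, wrong-key, replayed and closed-session
    access are refused; an authenticated session can read back what it wrote."""
    key = hashlib.sha256(b"constructed-demo-key").digest()   # constructed sample credential
    dev = TrustedDevice({"User1": key})
    results = {}

    try:
        dev.read(b"bogus", 0); results["unauth_read"] = "allowed"
    except PermissionError:
        results["unauth_read"] = "refused"

    try:
        Host("User1", b"wrong").open(dev); results["wrong_key"] = "allowed"
    except PermissionError:
        results["wrong_key"] = "refused"

    sid = Host("User1", key).open(dev)
    dev.write(sid, 3, b"secret-payload!!")
    results["authed_read"] = dev.read(sid, 3)
    dev.close(sid)
    try:
        dev.read(sid, 3); results["after_close"] = "allowed"
    except PermissionError:
        results["after_close"] = "refused"

    # A captured (host_nonce, proof) pair cannot reopen a session: the device nonce was consumed.
    dev_nonce = dev.challenge("User1")
    host_nonce = os.urandom(16)
    proof = hmac.new(key, b"host" + dev_nonce + host_nonce, hashlib.sha256).digest()
    sid2, _ = dev.start_session("User1", host_nonce, proof)
    dev.close(sid2)
    try:
        dev.start_session("User1", host_nonce, proof); results["replay"] = "allowed"
    except PermissionError:
        results["replay"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one in the article: the gate is enforced inside the device, so a host that never completes the handshake, or that presents a stale proof, gets nothing back regardless of what the operating system on the host believes about the user. A real drive would additionally bind the session to the transport command (SECURITY PROTOCOL IN/OUT or TRUSTED SEND/RECEIVE) and to the locking configuration of individual ranges, which this toy omits.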

This was first published in January 2007
