Mumbai University > Information Technology > Sem 7 > Cloud Computing

Marks: 10M

Year: Dec 2015

1. The Google App Engine (GAE) provides a powerful distributed data storage service that features a query engine and transactions.
2. An independent third-party auditor, who claims that GAE can be secure under the SAS70 auditing industry standard, issued Google Apps an unqualified SAS70 Type II certification. However, from its on-line storage technical document of lower API, there are only some functions such as GET and PUT.
3. There is no content addressing the issues of securing storage services.
4. The security of data storage is assumed guaranteed using techniques such as by SSL link, based on our knowledge of security method adopted by other services.
5. The above figure is one of the secure services, called Google Secure Data Connector (SDC), based on GAE.
6. The SDC constructs an encrypted connection between the data source and Google Apps. As long as the data source is in the Google Apps domain to the Google tunnel protocol servers, when the user wants to get the data, he/she will first send an authorized data requests to Google Apps, which forwards the request to the tunnel server.
7. The tunnel servers validate the request identity. If the identity is valid, the tunnel protocol allows the SDC to set up a connection, authenticate, and encrypt the data that flows across the Internet. At the same time, the SDC uses resource rules to validate whether a user is authorized to access a specified resource.
8. When the request is valid, the SDC performs a network request.
9. The server validates the signed request, checks the credentials, and returns the data if the SDC and tunnel server are like the proxy to encrypt connectivity between Google Apps and the internal network. Moreover, for more security, the SDC uses signed requests to add authentication information to requests that are made through the SDC.
10. In the signed request, the user has to submit identification information including the owner_id, viewer_id, instance_id, app_id, public_key, consumer_key, nonce, token, and signature within the Request to ensure the integrity, security, and privacy of the request.