Definition

cloud cartography

TechTarget Contributor

By

TechTarget Contributor

Cloud cartography is a scheme for pinpointing the physical locations of Web servers hosted on a third-party cloud computing service. The goal of cloud cartography is to map the service provider's infrastructure in order to identify where a particular virtual machine (VM) is likely to reside.

In theory, cloud cartography could be used by an attacker who wanted to place his own VM next to a target's VM and exploit vulnerabilities. To create the map, the attacker would deploy a large number of VMs in the service provider's cloud. He could then use the information he gets back from the service provider about his deployments to get a sense of how the provider assigns IP addresses for different instance types and accounts.

Once the attacker establishes where a VM might be located, he could use the information to position his own virtual machine next to his target. This would allow him to perform what is known as a side-channel attack to extract information or corrupt data in the target VM. Side-channel attacks take advantage of weaknesses in virtualization software or firmware.

See also: virtual machine escape

Learn more:

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds: The term cloud cartography was introduced by Thomas Ristenpart , Eran Tromer, Hovav Shacham and Stefan Savagepaper in a paper at MIT.

Virtualization vulnerabilities leave clouds insecure: The 'cloud cartography' research was carried out with basic network discovery techniques.

Learning to let go: A cloud security primer with George Reese: Programmer and entrepreneur George Reese is the author of "Cloud Application Architectures."

This was last updated in November 2010

Dig Deeper on Cloud security tools

SearchServerVirtualization

VMworld 2021 news and conference coverage
This year's VMworld conference ran virtually from Oct. 5 through Oct. 7. Read the latest news and announcements about and from ...
VSphere VM Service: Provision VMs with Kubernetes APIs
With Tanzu integration and vSphere VM Service lets developers and admins spin up VMs and guest OSes as desired-state images in ...
VMware's Project Monterey expands its capabilities, use cases
With updates to Project Monterey, VMware customers can now use DPUs for networking, security and bare-metal deployments from the ...

SearchVMware

Dell officially spins off 81% equity ownership of VMware
The spinoff agreement provides VMware with increased strategic and financial flexibility to grow its cloud and infrastructure ...
3 VMware disk types you should know: Raw, thick and thin
Raw, thick and thin disks offer portability and file storage efficiency. But each type has its pros and cons, including slower ...
Simplify VM right-sizing with VMware VMDSC Fling
The VM Desired State Configuration Fling helps reduce system outages and application performance issues with the help of an API ...

SearchVirtualDesktop

Setting up and troubleshooting multiple thin client monitors
Thin clients generally require less attention from desktop administrators, but sometimes, IT needs to intervene to set up or ...
Choosing a thin client for remote desktop protocol access
There are plenty of suitable thin client options for RDP environments, but each device has unique characteristics that make it a ...
Understanding the difference between thin and thick clients
How do thin and thick clients compare for licensing or flexibility? These two endpoint types each have their role in the ...

SearchAWS

In search of AWS Solutions Architect preparation?
Think you're ready for the AWS Certified Solutions Architect certification exam? Test your knowledge with these 12 questions, and...
Experts raise privacy concerns over Amazon fleet surveillance
Amazon said its van monitoring system is designed solely for driver safety. But many industry experts have concerns regarding the...
Here's why Amazon's global expansion won't come easy
Amazon would like to strengthen its global footprint, but the e-commerce giant faces roadblocks and challenges today that did not...

SearchDataCenter

IBM details Kyndryl spinoff, business reorg and earnings
IBM's third-quarter earnings report was a mixed bag, with overall cloud revenues continuing to rise, and server hardware showing ...
Bust latency with monitoring practices and tools
Improve latency across your data center's infrastructure by exploring its causes, a handful of best practices and tools you can ...
Best practices for container security in the data center
Container sprawl and container repositories can introduce new vulnerabilities to a data center. Here's what organizations should ...

SearchWindowsServer

Get up to speed with PowerShell and the Microsoft Graph API
Microsoft plans to retire technologies that admins depend on to handle Office 365 and other cloud services via PowerShell. Learn ...
Microsoft Ignite 2021 conference coverage
Microsoft is expected to highlight the features in its new Windows desktop and server products as well as company efforts in ...
Microsoft squashes Windows zero-day on October Patch Tuesday
In addition to the publicly exploited bug, Microsoft corrected 76 flaws, including four that had been publicly disclosed, in this...

Close