cloud cartography

Cloud cartography is a scheme for pinpointing the physical locations of Web servers hosted on a third-party cloud computing service. The goal of cloud cartography is to map the service provider's infrastructure in order to identify where a particular virtual machine (VM) is likely to reside.

Download this free guide

Instant Download: Cloud skills that will get you hired

Thinking of making a change? Download "Cloud skills, trends, and technologies to know in 2018" to nail your next interview.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

In theory, cloud cartography could be used by an attacker who wanted to place his own VM next to a target's VM and exploit vulnerabilities. To create the map, the attacker would deploy a large number of VMs in the service provider's cloud. He could then use the information he gets back from the service provider about his deployments to get a sense of how the provider assigns IP addresses for different instance types and accounts.

Once the attacker establishes where a VM might be located, he could use the information to position his own virtual machine next to his target. This would allow him to perform what is known as a side-channel attack to extract information or corrupt data in the target VM. Side-channel attacks take advantage of weaknesses in virtualization software or firmware.

See also: virtual machine escape

Learn more:

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds: The term cloud cartography was introduced by Thomas Ristenpart , Eran Tromer, Hovav Shacham and Stefan Savagepaper in a paper at MIT.

Virtualization vulnerabilities leave clouds insecure: The 'cloud cartography' research was carried out with basic network discovery techniques.

Learning to let go: A cloud security primer with George Reese: Programmer and entrepreneur George Reese is the author of "Cloud Application Architectures."