Definition

cloud cartography

TechTarget Contributor

By

TechTarget Contributor

Cloud cartography is a scheme for pinpointing the physical locations of Web servers hosted on a third-party cloud computing service. The goal of cloud cartography is to map the service provider's infrastructure in order to identify where a particular virtual machine (VM) is likely to reside.

In theory, cloud cartography could be used by an attacker who wanted to place his own VM next to a target's VM and exploit vulnerabilities. To create the map, the attacker would deploy a large number of VMs in the service provider's cloud. He could then use the information he gets back from the service provider about his deployments to get a sense of how the provider assigns IP addresses for different instance types and accounts.

Once the attacker establishes where a VM might be located, he could use the information to position his own virtual machine next to his target. This would allow him to perform what is known as a side-channel attack to extract information or corrupt data in the target VM. Side-channel attacks take advantage of weaknesses in virtualization software or firmware.

See also: virtual machine escape

Learn more:

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds: The term cloud cartography was introduced by Thomas Ristenpart , Eran Tromer, Hovav Shacham and Stefan Savagepaper in a paper at MIT.

Virtualization vulnerabilities leave clouds insecure: The 'cloud cartography' research was carried out with basic network discovery techniques.

Learning to let go: A cloud security primer with George Reese: Programmer and entrepreneur George Reese is the author of "Cloud Application Architectures."

This was last updated in November 2010

Dig Deeper on Cloud infrastructure design and management

SearchServerVirtualization

Winners of the Best of VMworld 2021 Awards
TechTarget hosts its Best of VMworld Awards to recognize outstanding products that help organizations create infrastructure that ...
Select the best servers for virtualization and beyond
Consider sizing, security and hardware, as well as developing technologies such as hyper-convergence, hybrid cloud and containers...
How to choose the best hardware for virtualization
Selecting the best hardware for virtualization is the foundation of maintaining or designing a robust, reliable and scalable data...

SearchVMware

Avoid VM latency issues with VMware NUMA Observer
NUMA Observer from VMware Labs helps admins identify VMs that have overlapping NUMA nodes and storage problems. Learn how the ...
Enable vSAN data-at-rest encryption for extra VM security
Data-at-rest encryption secures data all the way down to the storage level. Increase VM security in a couple of steps and ...
An intro to using vRA Custom Resources
VRealize Automation offers Custom Resources to enable a vRA user to create a variety of user objects to simplify management of ...

SearchVirtualDesktop

Understanding the DaaS options for Macs
When people discuss desktop as a service, it is usually in the context of Windows desktops. For macOS, however, implementing DaaS...
What are the key differences between DaaS and VPN?
VPN and DaaS can both give remote access to corporate resources, but they differ in key ways. IT admins should consider these ...
Comparing Windows 365 vs. Azure Virtual Desktop
While Azure Virtual Desktop and Windows 365 both offer a virtual desktop service from Microsoft, major differences exist between ...

SearchAWS

In search of AWS Solutions Architect preparation?
Think you're ready for the AWS Certified Solutions Architect certification exam? Test your knowledge with these 12 questions, and...
Experts raise privacy concerns over Amazon fleet surveillance
Amazon said its van monitoring system is designed solely for driver safety. But many industry experts have concerns regarding the...
Here's why Amazon's global expansion won't come easy
Amazon would like to strengthen its global footprint, but the e-commerce giant faces roadblocks and challenges today that did not...

SearchDataCenter

How to design and build a data center
Designing an efficient data center is no small feat. Review data center facility and infrastructure components and different ...
Top data center infrastructure management software in 2022
DCIM tools can improve data center management and operation. Learn how six prominent products can help organizations control ...
Evaluate 5G networks vs. 4G for data centers
5G networking requires organizations and data centers to support IoT, while 4G requires increased machinery. Learn more about the...

SearchWindowsServer

Query event logs with PowerShell to find malicious activity
Every action on a Windows Server system gets recorded, so don't get caught by an avoidable security incident. Learn how to find ...
Microsoft corrects Windows zero-day for May Patch Tuesday
Administrators should plan on extra testing after deploying this month's patches due to the heavy concentration of fixes in three...
Microsoft modern authentication deadline looms over Exchange
Support for basic authentication will end this year, giving administrators who haven't switched to a newer authentication method ...

Close