cloud cartography

Cloud cartography is a scheme for pinpointing the physical locations of Web servers hosted on a third-party cloud computing service. The goal of cloud cartography is to map the service provider's infrastructure in order to identify where a particular virtual machine (VM) is likely to reside.

In theory, cloud cartography could be used by an attacker who wanted to place his own VM next to a target's VM and exploit vulnerabilities. To create the map, the attacker would deploy a large number of VMs in the service provider's cloud. He could then use the information he gets back from the service provider about his deployments to get a sense of how the provider assigns IP addresses for different instance types and accounts.

Once the attacker has established where a VM is likely to be located, he could use that information to place his own virtual machine on the same physical host as his target. This co-residence would allow him to perform what is known as a side-channel attack to extract information from, or corrupt data in, the target VM. Side-channel attacks take advantage of weaknesses in virtualization software or firmware.

See also: virtual machine escape

Learn more:

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds: The term cloud cartography was introduced by Thomas Ristenpart, Eran Tromer, Hovav Shacham and Stefan Savage in a paper at MIT.

Virtualization vulnerabilities leave clouds insecure: The 'cloud cartography' research was carried out with basic network discovery techniques.

Learning to let go: A cloud security primer with George Reese: Programmer and entrepreneur George Reese is the author of "Cloud Application Architectures."

This was last updated in November 2010
