🤖 AI Summary
In multi-cloud environments, cloud providers may falsify virtual machine (VM) geographic locations, compromising regulatory compliance and security. To address this threat, we propose an active, VM-side geolocation verification method grounded in a realistic threat model. Our approach leverages global latency measurements from the RIPE Atlas probe network and introduces three core techniques: (i) a proximity-aware greedy probe selection strategy, (ii) a latency-behavior clustering–driven sector partitioning mechanism, and (iii) a landmark centroid estimation algorithm within each sector. Crucially, the method operates independently of cloud provider cooperation and is resilient to deliberate location spoofing. Under the worst-case scenario—where providers fully fabricate locations—our method achieves a mean localization error of only 22.1 km, substantially outperforming prior approaches. We open-source the complete toolchain on GitHub and empirically validate its robustness and practicality across diverse real-world deployments.
📝 Abstract
In multicloud environments, where legal obligations, technical constraints and economic interests are at stake, it is of interest to stakeholders to be able to locate cloud data or the cloud instance where data are decrypted for processing, making it particularly vulnerable. This paper proposes an original and practical delay-based approach, called GeoFINDR, to locate a cloud instance, e.g., a Virtual Machine (VM), over the Internet, based on RIPE Atlas landmarks. First, the assumed threat model and assumptions are more realistic than in existing solutions, e.g., VM-scale localization in multicloud environments, a Cloud Service Provider (CSP) lying about the VM's location. Second, the originality of the approach lies in four original ideas: (1) geolocalization is performed from the VM, (2) a greedy algorithm selects a first set LM_A of distributed audit landmarks in the vicinity of the declared area, (3) a sectorization algorithm identifies a set LM_S of other landmarks with distance delay behavior similar to that of the VM to estimate the sector of the VM, and (4) the estimated location of the VM is calculated as the barycenter position of the LM_S landmarks. An open source tool is published on GitHub and experiments show that localization accuracy can be as high as 22.1 km, under unfavorable conditions where the CSP lies about the location of the VM.
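An added sketch of step (4) and the audit decision it enables; this is not code from the GeoFINDR tool. The landmark coordinates are constructed, the 50 km tolerance is an assumed audit policy, and computing the barycenter on the unit sphere is a choice made here, since the abstract does not say how it is computed.

```python
import math

EARTH_RADIUS_KM = 6371.0088  # mean Earth radius

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def barycenter(landmarks):
    """Barycenter of (lat, lon) landmarks, taken on the unit sphere so that a
    set straddling the antimeridian does not average to the wrong hemisphere."""
    x = y = z = 0.0
    for lat, lon in landmarks:
        la, lo = math.radians(lat), math.radians(lon)
        x += math.cos(la) * math.cos(lo)
        y += math.cos(la) * math.sin(lo)
        z += math.sin(la)
    if math.sqrt(x * x + y * y + z * z) < 1e-9:
        raise ValueError("landmarks cancel out; barycenter undefined")
    return (math.degrees(math.atan2(z, math.hypot(x, y))),
            math.degrees(math.atan2(y, x)))

def audit(declared, lm_s, tolerance_km=50.0):
    """Compare the CSP-declared location with the LM_S barycenter.
    Returns (estimate, gap_km, consistent). tolerance_km is an assumption."""
    estimate = barycenter(lm_s)
    gap_km = haversine_km(declared, estimate)
    return estimate, gap_km, gap_km <= tolerance_km

# Constructed LM_S set: four landmarks near Frankfurt (not real probe data).
LM_S = [(50.00, 8.50), (50.20, 8.90), (50.10, 8.60), (50.15, 8.75)]

if __name__ == "__main__":
    for name, declared in [("Frankfurt", (50.11, 8.68)), ("Paris", (48.86, 2.35))]:
        est, gap, ok = audit(declared, LM_S)
        print(f"declared {name}: estimate={est[0]:.3f},{est[1]:.3f} "
              f"gap={gap:.1f} km consistent={ok}")
```
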