Justine Sherry's Homepage

2025

A First Look at Starlink’s Impact on Internet Equity. (2025, September). Proceedings of the 2025 Research Conference on Communications, Information and Internet Policy. [pdf] [bibtex]

BibTeX:

@inproceedings{suizo-tprc2025,
  author = {},
  title = {A First Look at Starlink’s Impact on Internet Equity},
  series = {TPRC '53},
  booktitle = {Proceedings of the 2025 Research Conference on Communications, Information and Internet Policy},
  month = sep,
  year = {2025},
  location = {Washington, DC}
}

Congestion Safety Audits for Internet Services. (2025, September). Proceedings of the 2025 Research Conference on Communications, Information and Internet Policy. [pdf] [bibtex]

BibTeX:

@inproceedings{sherry-tprc2025,
  author = {},
  title = {Congestion Safety Audits for Internet Services},
  series = {TPRC '53},
  booktitle = {Proceedings of the 2025 Research Conference on Communications, Information and Internet Policy},
  month = sep,
  year = {2025},
  location = {Washington, DC}
}

2024

Ferreira, M., Ware, R., Kothari, Y., Lynce, I., Martins, R., Narayan, A., & Sherry, J. (2024). Reverse-Engineering Congestion Control Algorithm Behavior. Proceedings of the 2024 ACM Internet Measurement Conference (IMC). [pdf] [bibtex]

BibTeX:

@inproceedings{ferreira-imc2024,
  author = {Ferreira, Margarida and Ware, Ranysha and Kothari, Yash and Lynce, Ines and Martins, Ruben and Narayan, Akshay and Sherry, Justine},
  title = {Reverse-Engineering Congestion Control Algorithm Behavior},
  series = {IMC '24},
  booktitle = {Proceedings of the 2024 ACM Internet Measurement Conference (IMC)},
  year = {2024},
  publisher = {ACM},
  address = {New York, NY, USA},
  location = {Madrid, Spain}
}

Philip, A. A., Athapathu, R., Ware, R., Mkocheko, F. F., Schlomer, A., Shou, M., Meng, Z., Seshan, S., & Sherry, J. (2024). Prudentia: Findings of an Internet Fairness Watchdog. Proceedings of the 2024 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM). [pdf] [bibtex]

BibTeX:

@inproceedings{philip-sigcomm2024,
  author = {Philip, Adithya Abraham and Athapathu, Rukshani and Ware, Ranysha and Mkocheko, Fabian Francis and Schlomer, Alexis and Shou, Mengrou and Meng, Zili and Seshan, Srinivasen and Sherry, Justine},
  title = {Prudentia: Findings of an Internet Fairness Watchdog},
  booktitle = {Proceedings of the 2024 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  year = {2024},
  publisher = {ACM},
  address = {Sydney, Australia}
}

Ware, R., Philip, A. A., Hungria, N., Kothari, Y., Sherry, J., & Seshan, S. (2024). CCAnalyzer: An Efficient and Nearly-Passive Congestion Control Classifier. Proceedings of the 2024 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM). [pdf] [bibtex]

BibTeX:

@inproceedings{ware-sigcomm2024,
  author = {Ware, Ranysha and Philip, Adithya Abraham and Hungria, Nicholas and Kothari, Yash and Sherry, Justine and Seshan, Srinivasen},
  title = {CCAnalyzer: An Efficient and Nearly-Passive Congestion Control Classifier},
  booktitle = {Proceedings of the 2024 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  year = {2024},
  publisher = {ACM},
  address = {Sydney, Australia}
}

Ferreira, M., Atre, N., Sherry, J., & Sobrinho, J. L. (2024). Impossibility Results for Data-Center Routing with Congestion Control and Unsplittable Flows. Proceedings of the 2024 ACM Symposium on Principles of Distributed Computing (PODC). [pdf] [bibtex]

BibTeX:

@inproceedings{ferreira-podc2024,
  author = {Ferreira, Miguel and Atre, Nirav and Sherry, Justine and Sobrinho, Jo\~{a}o Luis},
  title = { Impossibility Results for Data-Center Routing with Congestion Control and Unsplittable Flows},
  booktitle = {Proceedings of the 2024 ACM Symposium on Principles of Distributed Computing (PODC)},
  year = {2024},
  publisher = {ACM},
  address = {Nantes, France}
}

Atre, N., Sadok, H., & Sherry, J. (2024, April). BBQ: A Fast and Scalable Integer Priority Queue for Hardware Packet Scheduling. 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI). [pdf] [bibtex]

BibTeX:

@inproceedings{atre-nsdi24,
  author = {Atre, Nirav and Sadok, Hugo and Sherry, Justine},
  title = {{BBQ}: A Fast and Scalable Integer Priority Queue for Hardware Packet Scheduling},
  booktitle = {21st {USENIX} Symposium on Networked Systems Design and Implementation (NSDI)},
  year = {2024},
  isbn = {},
  address = {Santa Clara, MA},
  pages = {},
  publisher = {{USENIX} Association},
  month = apr,
  series = {{NSDI}~'24}
}

2023

Brown, L., Kothari, Y., Narayan, A., Krishnamurthy, A., Panda, A., Sherry, J., & Shenker, S. (2023, November). How I Learned To Stop Worrying About CCA Contention. Proceedings of the Thirty-First Workshop on Hot Topics in Networks (HotNets). [pdf] [abstract] [bibtex]

Abstract: This paper asks whether inter-flow contention between congestion control algorithms (CCAs) is a dominant factor in determining a flow’s bandwidth allocation in today’s Internet. We hypothesize that CCA contention typically does not determine a flow’s bandwidth allocation, present an initial analysis in support of this hypothesis, propose a measurement technique and study to settle this question, and discuss the implications should the hypothesis prove true.
BibTeX:
```
@inproceedings{brown-hotnets2023,
  author = {Brown, Lloyd and Kothari, Yash and Narayan, Akshay and Krishnamurthy, Arvind and Panda, Aurojit and Sherry, Justine and Shenker, Scott},
  title = {{How I Learned To Stop Worrying About CCA Contention}},
  year = {2023},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {},
  doi = {},
  booktitle = {Proceedings of the Thirty-First Workshop on Hot Topics in Networks (HotNets)},
  pages = {},
  location = {Boston, Massachusetts},
  month = nov,
  series = {{HotNets}~'23}
}
```
Butrovich, M., Ramanathan, K., Rollison, J., Lim, W. S., Zhang, W., Sherry, J., & Pavlo, A. (2023). Tigger: A Database Proxy That Bounces With User-Bypass. VLDB 2023. [pdf] [abstract] [bibtex]

Abstract: Developers often deploy database-specific network proxies whereby applications connect transparently to the proxy instead of directly connecting to the database management system (DBMS). This indirection improves system performance through connection pooling, load balancing, and other DBMS-specific optimizations. Instead of simply forwarding packets, these proxies implement DBMS protocol logic (i.e., at the application layer) to achieve this behavior. Consequently, existing proxies are user-space applications that process requests as they arrive on network sockets and forward them to the appropriate destinations. This approach incurs inefficiencies as the kernel repeatedly copies buffers between user-space and kernel-space, and the associated system calls add CPU overhead.

This paper presents user-bypass, a technique to eliminate these overheads by leveraging modern operating system features that support custom code execution. User-bypass pushes application logic into kernel-space via Linux’s eBPF infrastructure. To demonstrate its benefits, we implemented Tigger, a PostgreSQL-compatible DBMS proxy using user-bypass to eliminate the overheads of traditional proxy design. We compare Tigger’s performance against other state-of-the-art proxies widely used in real-world deployments. Our experiments show that Tigger outperforms other proxies — in one scenario achieving both the lowest transaction latencies (up to 29% reduction) and lowest CPU utilization (up to 42% reduction). The results show that user-bypass implementations like Tigger are well-suited to DBMS proxies’ unique requirements.
BibTeX:
```
@inproceedings{butrovich-vldb2023,
  author = {Butrovich, M. and Ramanathan, K. and Rollison, J. and Lim, W. S. and Zhang, W. and Sherry, J. and Pavlo, A.},
  year = {2023},
  booktitle = {VLDB 2023},
  title = {{Tigger: A Database Proxy That Bounces With User-Bypass}}
}
```
Sadok, H., Atre, N., Zhao, Z., Berger, D. S., Hoe, J. C., Panda, A., Sherry, J., & Wang, R. (2023, July). Ensō: A Streaming Interface for NIC-Application Communication. 17th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Awarded Jay Lepreau Best Paper Award. [pdf] [abstract] [bibtex]

Abstract: Today, most communication between the NIC and software involves exchanging fixed-size packet buffers. This packetized interface was designed for an era when NICs implemented few offloads and software implemented the logic for translating between application data and packets. However, both NICs and networked software have evolved: modern NICs implement hardware offloads, e.g., TSO, LRO, and serialization offloads that can more efficiently translate between application data and packets. Furthermore, modern software increasingly batches network I/O to reduce overheads. These changes have led to a mismatch between the packetized interface, which assumes that the NIC and software exchange fixed-size buffers, and the features provided by modern NICs and used by modern software. This incongruence between interface and data adds software complexity and I/O overheads, which in turn limits communication performance. This paper proposes Enso, a new streaming NIC-to-software interface designed to better support how NICs and software interact today. At its core, Enso eschews fixed-size buffers, and instead structures communication as a stream that can be used to send arbitrary data sizes. We show that this change reduces software overheads, reduces PCIe bandwidth requirements, and leads to fewer cache misses. These improvements allow an Enso- based NIC to saturate a 100 Gbps link with minimum-sized packets (forwarding at 148.8 Mpps) using a single core, improve throughput for high-performance network applications by 1.5– 6×, and reduce latency by up to 43%.
BibTeX:
```
@inproceedings{sadok-osdi2023,
  author = {Sadok, Hugo and Atre, Nirav and Zhao, Zhipeng and Berger, Daniel S. and Hoe, James C. and Panda, Aurojit and Sherry, Justine and Wang, Ren},
  title = {Ensō: A Streaming Interface for {NIC}-Application Communication},
  booktitle = {17th {USENIX} Symposium on Operating Systems Design and Implementation (OSDI)},
  year = {2023},
  isbn = {},
  pages = {},
  publisher = {{USENIX} Association},
  month = jul,
  series = {{OSDI}~'23},
  award = {Jay Lepreau Best Paper Award}
}
```
Sherry, J. (2023). The I/O Driven Server: From SmartNICs to Data Movement Controllers. In Computer Communications Review (CCR) (No.3; Vol. 53, Number 3). ACM. [pdf] [abstract] [bibtex]

Abstract: Many researchers are turning to SmartNIC offloads to improve the performance of high-performance networked systems. In this editorial, I discuss why SmartNICs are an especially powerful form factor for improving I/O intensive applications, and how their position in the dataplane enables them to take on central role in managing I/O. Rather than focusing on the benefits of individual offloads, this paper aims to explore the position of SmartNICs in the overall system integration of datacenter servers at the hardware and software level. I argue that SmartNICs should be viewed as ‘data movement controllers’ (NIC-DMCs) which are responsible for tasks involved in moving data between network, CPU, accelerators, and other endpoints: multiplexing/steering, interfacing between protocols, and enforcing I/O policies. I then enumerate open questions in how the hardware and software systems of the future will evolve to accommodate a dedicated NIC-DMC which is independent of the CPU complex.
BibTeX:
```
@techreport{sherry-ccr23,
  title = {The I/O Driven Server: From SmartNICs to Data Movement Controllers},
  author = {Sherry, Justine},
  journal = {Computer Communications Review (CCR)},
  issue_date = {October 2023},
  volume = {53},
  number = {3},
  month = oct,
  year = {2023},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {edge services, services}
}
```
Meng, Z., Atre, N., Xu, M., Sherry, J., & Apostolaki, M. (2023). Confucius Queue Management: Be Fair But Not Too Fast. arXiv ePrint 231.18030. [pdf] [abstract] [bibtex]

Abstract: When many users and unique applications share a congested edge link (e.g., a home network), everyone wants their own application to continue to perform well despite contention over network resources. Traditionally, network engineers have focused on fairness as the key objective to ensure that competing applications are equitably and led by the switch, and hence have deployed fair queueing mechanisms. However, for many network workloads today, strict fairness is directly at odds with equitable application performance. Real-time streaming applications, such as videoconferencing, suffer the most when network performance is volatile (with delay spikes or sudden and dramatic drops in throughput). Unfortunately, "fair" queueing mechanisms lead to extremely volatile network behavior in the presence of bursty and multi-flow applications such as Web traffic. When a sudden burst of new data arrives, fair queueing algorithms rapidly shift resources away from incumbent flows, leading to severe stalls in real-time applications. In this paper, we present Confucius, the first practical queue management scheme to effectively balance fairness against volatility, providing performance outcomes that benefit all applications sharing the contended link. Confucius outperforms realistic queueing schemes by protecting the real-time streaming flows from stalls in competing with more than 95% of websites. Importantly, Confucius does not assume the collaboration of end-hosts, nor does it require manual parameter tuning to achieve good performance.
BibTeX:
```
@misc{meng-arxiv2023,
  title = {{Confucius Queue Management: Be Fair But Not Too Fast}},
  author = {Meng, Zili and Atre, Nirav and Xu, Mingwei and Sherry, Justine and Apostolaki, Maria},
  year = {2023},
  howpublished = {arXiv ePrint 231.18030},
  eprint = {2310.18030},
  archiveprefix = {arXiv},
  primaryclass = {cs.NI}
}
```
Sadok, H., Panda, A., & Sherry, J. (2023, November). Of Apples and Oranges: Fair Comparisons in Heterogenous Systems Evaluation. Proceedings of the Thirty-First Workshop on Hot Topics in Networks (HotNets). [pdf] [abstract] [bibtex]

Abstract: Accelerators, such as GPUs, SmartNICs and FPGAs, are common components of research systems today. This paper focuses on the question of how to fairly compare these systems. This is challenging because it requires comparing systems that use different hardware, e.g., two systems that use two different types of accelerators, or comparing a system that uses an accelerator with one that does not. We argue that fair evaluation in this case requires reporting not just performance, but also the cost of competing systems. We discuss what cost metrics should be used, and propose general principles for incorporating cost in research evaluations.
BibTeX:
```
@inproceedings{sadok-hotnets2023,
  author = {Sadok, Hugo and Panda, Aurojit and Sherry, Justine},
  title = {Of Apples and Oranges: Fair Comparisons in Heterogenous Systems Evaluation},
  year = {2023},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {},
  doi = {},
  booktitle = {Proceedings of the Thirty-First Workshop on Hot Topics in Networks (HotNets)},
  pages = {},
  location = {Boston, Massachusetts},
  month = nov,
  series = {{HotNets}~'23}
}
```

2022

Meng, Z., Guo, Y., Sun, C., Wang, B., Sherry, J., Liu, H. H., & Xu, M. (2022). Achieving Consistent Low Latency for Wireless Real Time Communications with the Shortest Control Loop. Proceedings of the 2022 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM). [pdf] [abstract] [bibtex]

Abstract: Real-time communication (RTC) applications like video conferencing or cloud gaming require consistent low latency to provide a seamless interactive experience. However, wireless networks including WiFi and cellular, albeit providing a satisfactory median latency, drastically degrade at the tail due to frequent and substantial wireless bandwidth fluctuations. We observe that the control loop for the sending rate of RTC applications is inflated when congestion happens at the wireless access point (AP), resulting in untimely rate adaption to wireless dynamics. Existing solutions, however, suffer from the inflated control loop and fail to quickly adapt to bandwidth fluctuations. In this paper, we propose Zhuge, a pure wireless AP based solution that reduces the control loop of RTC applications by separating congestion feedback from congested queues. We design a Fortune Teller to precisely estimate per-packet wireless latency upon its arrival at the wireless AP. To make Zhuge deployable at scale, we also design a Feedback Updater that translates the estimated latency to comprehensible feedback messages for various protocols and immediately delivers them back to senders for rate adaption. Trace-driven and real-world evaluation shows that Zhuge reduces the ratio of large tail latency and RTC performance degradation by 17% to 95%.
BibTeX:
```
@inproceedings{meng-sigcomm2022,
  title = {{Achieving Consistent Low Latency for Wireless Real Time Communications with the Shortest Control Loop}},
  author = {Meng, Zili and Guo, Yaning and Sun, Chen and Wang, Bo and Sherry, Justine and Liu, Hongqiang Harry and Xu, Mingwei},
  year = {2022},
  booktitle = {Proceedings of the 2022 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  publisher = {ACM},
  address = {New York, NY, USA}
}
```
Jain, A., Patra, D., Xu, M., Gill, P., & Sherry, J. (2022). The Ukrainian Internet Under Attack: an NDT Perspective. Proceedings of the 2022 ACM Internet Measurement Conference (IMC). [pdf] [abstract] [bibtex]

Abstract: On February 24, 2022, Russia began a large-scale invasion of Ukraine, the first widespread conflict in a country with high levels of network penetration. Because the Internet was designed with resilience under warfare in mind, the war in Ukraine offers the networking community a unique opportunity to evaluate whether and to what extent this design goal has been realized. We provide an early glimpse at Ukrainian network resilience over 54 days of war using data from Measurement Lab’s Network Diagnostic Tool (NDT). We find that NDT users’ network performance did indeed degrade – e.g. with average packet loss rates increasing by as much as 500% relative to pre-wartime baselines in some regions – and that the intensity of the degradation correlated with the presence of Russian troops in the region. Performance degradation also correlated with changes in traceroute paths; we observed an increase in path diversity and significant changes to routing decisions at Ukrainian border Autonomous Systems (ASes) post-invasion. Overall, the use of diverse and changing paths speaks to the resilience of the Internet’s underlying routing algorithms, while the correlated degradation in performance highlights a need for continued efforts to ensure usability and stability during war.
BibTeX:
```
@inproceedings{jain-imc2022,
  author = {Jain, Akshath and Patra, Deepayan and Xu, Mike and Gill, Phillipa and Sherry, Justine},
  title = {The Ukrainian Internet Under Attack: an NDT Perspective},
  series = {IMC '22},
  booktitle = {Proceedings of the 2022 ACM Internet Measurement Conference (IMC)},
  year = {2022},
  publisher = {ACM},
  address = {New York, NY, USA}
}
```
Chiang, E., Atre, N., Sadok, H., Wang, W., & Sherry, J. (2022). Robust Heuristics: Attacks and Defenses for Job Size Estimation in WSJF Systems [CMU-CS-22-117]. Carnegie Mellon University, Computer Science Department. [pdf] [abstract] [bibtex]

Abstract: Packet scheduling algorithms control the order in which a system serves network packets, which can have significant impact on system performance. Recent work in adversarial scheduling has shown that Weighted Shortest Job First (WSJF) – scheduling packets by the ratio of job size to packet size – significantly mitigates a system’s susceptibility to algorithmic complexity attacks (ACAs), a particularly dangerous class of Denial-of-Service (DoS) attacks. WSJF relies on knowledge of a packet’s job size, information that is not available a priori. In this work, we explore the theoretical implications of using heuristics for job size estimation. Further, we consider preemption as another technique that may help protect systems when job sizes are unknown. We find that heuristics with certain properties (e.g., estimated job-size-to-packet-size ratios increasing monotonically with the actual ratios, step function-based job categorization) can protect systems against ACAs with varying guarantees, while preemption alone does not.
BibTeX:
```
@techreport{chiang-cmutr2022,
  title = {Robust Heuristics: Attacks and Defenses for Job Size Estimation in WSJF Systems},
  author = {Chiang, Erica and Atre, Nirav and Sadok, Hugo and Wang, Weina and Sherry, Justine},
  institution = {Carnegie Mellon University, Computer Science Department},
  year = {2022},
  type = {CMU-CS-22-117}
}
```
Pereira, F., Matos, G., Sadok, H., Kim, D., Martins, R., Sherry, J., Ramos, F., & Pedrosa, L. (2022). Automatic Generation of Network Function Accelerators Using Component-Based Synthesis. Proceedings of the 2022 ACM Symposium on SDN Research (SOSR). [pdf] [abstract] [bibtex]

Abstract: Designing networked systems that take best advantage of heterogeneous dataplanes – e.g., dividing packet processing across both a PISA switch and an x86 CPU – can improve performance, efficiency, and resource consumption. However, programming for multiple hardware targets remains challenging because developers must learn platform-specific languages and skills. While some ‘write-once, run-anywhere’ compilers exist, they are unable to consider a range of implementation options to tune the NF to meet performance objectives. In this short paper, we explore preliminary ideas towards a compiler that explores a large search space of different mappings of functionality to hardware. This exploration can be tuned for a programmer-specified objective, such as minimizing memory consumption or maximizing network throughput. Our initial prototype, SyNAPSE, is based on a methodology called component-based synthesis and supports deployments across x86 and Tofino platforms. Relative to a baseline compiler which only generates one deployment decision, SyNAPSE uncovers thousands of deployment options – including a deployment which reduces the amount of controller traffic by an order of magnitude, and another deployment which halves memory usage.
BibTeX:
```
@inproceedings{pereira-sosr2022,
  author = {Pereira, Francisco and Matos, Gonçalo and Sadok, Hugo and Kim, Daehyeok and Martins, Ruben and Sherry, Justine and Ramos, Fernando and Pedrosa, Luis},
  title = {Automatic Generation of Network Function Accelerators Using Component-Based Synthesis},
  year = {2022},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  booktitle = {Proceedings of the 2022 ACM Symposium on SDN Research (SOSR)},
  location = {Virtual Event, USA},
  series = {{SOSR}~'22}
}
```
Atre, N., Sadok, H., Chiang, E., Wang, W., & Sherry, J. (2022). SurgeProtector: Mitigating Temporal Algorithmic Complexity Attacks using Adversarial Scheduling. Proceedings of the 2022 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM). [pdf] [abstract] [bibtex] [code]

Abstract: Algorithmic complexity attacks (ACAs) are a class of denial-of-service (DoS) attacks where an attacker uses a small amount of adversarial traffic to induce a large amount of work in the target system, pushing the system into overload and causing it to drop packets from innocent users. ACAs are particularly dangerous because, unlike volumetric DoS attacks, ACAs don’t require a significant network bandwidth investment from the attacker. Today, network functions (NFs) on the Internet must be painstakingly designed and engineered on a case-by-case basis to mitigate the debilitating impact of ACAs. Further, the resulting designs tend to be overly conservative in their attack mitigation strategy, limiting the innocent traffic that the NF can serve under common-case operation. We instead propose a general framework to make any NF more resilient to ACAs without the limitations of prior approaches. Our framework, SurgeProtector, uses the NF’s scheduler to mitigate the impact of ACAs using a very traditional scheduling algorithm: weighted-shortest-job-first (WSJF). To evaluate SurgeProtector, we propose a new metric of vulnerability called the Displacement Factor (DF), which quantifies the ‘harm per unit effort’ which an adversary can inflict on the system. We provide novel, adversarial analysis of WSJF and show that any system using this policy has a worst-case DF of only a small constant, where traditional schedulers place no upper bound on the DF. Illustrating that SurgeProtector is not only theoretically, but practically robust, we integrate SurgeProtector into an open source intrusion detection system (IDS). Under simulated attack, the SurgeProtector-augmented IDS suffers 90-99% lower innocent traffic loss than the original system.
BibTeX:
```
@inproceedings{atre-sigcomm2022,
  author = {Atre, Nirav and Sadok, Hugo and Chiang, Erica and Wang, Weina and Sherry, Justine},
  title = {{SurgeProtector: Mitigating Temporal Algorithmic Complexity Attacks using Adversarial Scheduling}},
  year = {2022},
  booktitle = {Proceedings of the 2022 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  publisher = {ACM},
  address = {New York, NY, USA},
  code = {https://github.com/cmu-snap/SurgeProtector}
}
```

2021

Ferreira, M., Narayan, A., Lynce, I., Martins, R., & Sherry, J. (2021). Counterfeiting Congestion Control Algorithms. In Proceedings of the Twentieth ACM Workshop on Hot Topics in Networks (HotNets). ACM. [pdf] [abstract] [bibtex]

Abstract: Congestion Control Algorithms (CCAs) impact numerous desirable Internet properties such as performance, stability, and fairness. Hence, the networking community invests substantial effort into studying whether new algorithms are safe for wide-scale deployment. However, operators today are continuously innovating and some deployed CCAs are unpublished – either because the CCA is in beta or because it is considered proprietary. How can the networking community evaluate these new CCAs when their inner workings are unknown?

In this paper, we propose ‘counterfeit congestion control algorithms’ – reverse-engineered implementations derived using program synthesis based on observations of the original implementation. Using the counterfeit (synthesized) CCA implementation, researchers can then evaluate the CCA using controlled empirical testbeds or mathematical analysis, even without access to the original implementation. Our initial prototype, ‘Mister 880,’ can synthesize several basic CCAs including a simplified Reno using only a few traces.
BibTeX:
```
@workshop{ferreira-hotnets2021,
  author = {Ferreira, Margarida and Narayan, Akshay and Lynce, Ines and Martins, Ruben and Sherry, Justine},
  title = {{Counterfeiting Congestion Control Algorithms}},
  booktitle = {Proceedings of the Twentieth ACM Workshop on Hot Topics in Networks (HotNets)},
  year = {2021},
  publisher = {ACM},
  address = {New York, NY, USA}
}
```
Philip, A. A., Ware, R., Athapathu, R., Sherry, J., & Sekar, V. (2021). Revisiting TCP Congestion Control Throughput Models & Fairness Properties At Scale. Proceedings of the 2021 ACM Internet Measurement Conference (IMC). [pdf] [abstract] [bibtex]

Abstract: Abstract Much of our understanding of congestion control algorithm (CCA) throughput and fairness is derived from models and measurements that (implicitly) assume congestion occurs in the last mile. That is, these studies evaluated CCAs in “small scale” edge settings at the scale of tens of flows and up to a few hundred Mbps bandwidths. However, recent measurements show that congestion can also occur at the core of the Internet on inter-provider links, where thousands of flows share high bandwidth links. Hence, a natural question is: Does our understanding of CCA throughput and fairness continue to hold at the scale found in the core of the Internet, with 1000s of flows and Gbps bandwidths?

Our preliminary experimental study finds that some expectations derived in the edge setting do not hold at scale. For example, using loss rate as a parameter to the Mathis model to estimate TCP NewReno throughput works well in edge settings, but does not provide accurate throughput estimates when thousands of flows compete at high bandwidths. In addition, BBR – which achieves good fairness at the edge when competing solely with other BBR flows – can become very unfair to other BBR flows at the scale of the core of the Internet. In this paper, we discuss these results and others, as well as key implications for future CCA analysis and evaluation.
BibTeX:
```
@inproceedings{philip-imc2021,
  author = {Philip, Adithya Abraham and Ware, Ranysha and Athapathu, Rukshani and Sherry, Justine and Sekar, Vyas},
  title = {{Revisiting TCP Congestion Control Throughput Models \& Fairness Properties At Scale}},
  series = {IMC '21},
  booktitle = {Proceedings of the 2021 ACM Internet Measurement Conference (IMC)},
  year = {2021},
  location = {Virtual},
  publisher = {ACM},
  address = {New York, NY, USA}
}
```
Sadok, H., Zhao, Z., Choung, V., Atre, N., Berger, D. S., Hoe, J. C., Panda, A., & Sherry, J. (2021). We Need Kernel Interposition over the Network Dataplane. In Proceedings of the XVIII Workshop on Hot Topics in Operating Systems. ACM. [pdf] [abstract] [bibtex]

Abstract: Kernel-bypass network APIs, which allow applications to circumvent the kernel and interface directly with the NIC hardware, have recently emerged as one of the main tools for improving application network performance. However, allowing applications to circumvent the kernel makes it impossible to use tools (e.g., tcpdump) or impose policies (e.g., QoS and filters) that need to consider traffic sent by different applications running on a host. This makes maintainability and manageability a challenge for kernel-bypass applications. In response we propose Kernel On-Path Interposition (KOPI), in which traditional kernel dataplane functionality is retained but implemented in a fully programmable SmartNIC. We hypothesize that KOPI can support the same tools and policies as the kernel stack while retaining the performance benefits of kernel bypass.
BibTeX:
```
@workshop{sadok-hotos2021,
  author = {Sadok, Hugo and Zhao, Zhipeng and Choung, Valerie and Atre, Nirav and Berger, Daniel S. and Hoe, James C. and Panda, Aurojit and Sherry, Justine},
  title = {We Need Kernel Interposition over the Network Dataplane},
  year = {2021},
  isbn = {},
  publisher = {ACM},
  address = {New York, NY, USA},
  booktitle = {Proceedings of the XVIII Workshop on Hot Topics in Operating Systems},
  month = may,
  series = {{HotOS}~'21}
}
```
Liu, G., Sadok, H., Kohlbrenner, A., Parno, B., Sekar, V., & Sherry, J. (2021). Don’t Yank My Chain: Auditable NF Service Chaining. Proceedings of the 18th USENIX Symposium on Networked Systems Design and Implementation (NSDI). [pdf] [abstract] [bibtex]

Abstract: Auditing is a crucial component of network security practices in organizations with sensitive information, such as banks and hospitals. Unfortunately, network function virtualization (NFV) is viewed as incompatible with auditing practices which verify that security functions operate correctly. In this paper, we bring the benefits of NFV to security-sensitive environments with the design and implementation of AuditBox. AuditBox not only makes NFV compatible with auditing, but also provides stronger guarantees than traditional auditing procedures. In traditional auditing, administrators test the system for correctness on a schedule, e.g., once per month. In contrast, AuditBox continuously self-monitors for correct behavior, proving runtime guarantees that the system remains in compliance with policy goals. Furthermore, AuditBox remains compatible with traditional auditing practices by providing sampled logs which still allow auditors to inspect system behavior manually. AuditBox achieves its goals by combining trusted execution environments with a lightweight verified routing protocol (VRP). Despite the complexity of routing policies for service-function chains relative to traditional routing, AuditBox’s protocol introduces 72-80% fewer bytes of overhead per packet (in a 5-hop service chain) and provides 61-67% higher goodput than prior work on VRPs designed for the Internet.
BibTeX:
```
@inproceedings{liu-nsdi2021,
  author = {Liu, Guyue and Sadok, Hugo and Kohlbrenner, Anne and Parno, Bryan and Sekar, Vyas and Sherry, Justine},
  title = {{Don't Yank My Chain: Auditable NF Service Chaining}},
  booktitle = {Proceedings of the 18th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI})},
  series = {NSDI '21},
  year = {2021},
  publisher = {USENIX Association},
  address = {Berkeley, CA, USA}
}
```

2020

Zhao, Z., Sadok, H., Atre, N., Hoe, J., Sekar, V., & Sherry, J. (2020). Achieving 100Gbps Intrusion Prevention on a Single Server. Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI). [pdf] [abstract] [bibtex] [code]
Press Coverage: The Morning Paper, Dark Reading

Abstract: Intrusion Detection and Prevention Systems (IDS/IPS) are among the most demanding stateful network functions. Today’s network operators are faced with securing 100Gbps networks with 100K+ concurrent connections by deploying IDS/IPSes to search for 10K+ rules concurrently. In this paper we set an ambitious goal: Can we do all of the above in a single server? Through the Pigasus IDS/IPS, we show that this goal is achievable, perhaps for the first time, by building on recent advances in FPGA-capable SmartNICs. Pigasus’ design takes an FPGA-first approach, where the majority of processing, and all state and control flow are managed on the FPGA. However, doing so requires careful design of algorithms and data structures to ensure fast common-case performance while densely utilizing system memory resources. Our experiments with a variety of traces show that Pigasus can support 100Gbps using an average of 5 cores and 1 FPGA, using 38x less wattage than a CPU-only approach.
BibTeX:
```
@inproceedings{zhao-osdi20,
  author = {Zhao, Zhipeng and Sadok, Hugo and Atre, Nirav and Hoe, James and Sekar, Vyas and Sherry, Justine},
  title = {Achieving 100Gbps Intrusion Prevention on a Single Server},
  booktitle = {Proceedings of the 14th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI})},
  series = {OSDI '20},
  year = {2020},
  publisher = {USENIX Association},
  address = {Berkeley, CA, USA},
  code = {https://github.com/cmu-snap/pigasus},
  press = {The Morning Paper, Dark Reading}
}
```
Atre, N., Sherry, J., Wang, W., & Berger, D. (2020). Caching with Delayed Hits. Proceedings of the 2020 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM). [pdf] [abstract] [bibtex] [code]

Abstract: Caches are at the heart of latency-sensitive systems. In this paper, we identify a growing challenge for the design of latency-minimizing caches called delayed hits. Delayed hits occur at high throughput, when multiple requests to the same object queue up before an outstanding cache miss is resolved. This effect increases latencies beyond the predictions of traditional caching models and simulations; in fact, caching algorithms are designed as if delayed hits simply didn’t exist. We show that traditional caching strategies – even so called ‘optimal’ algorithms – can fail to minimize latency in the presence of delayed hits. We design a new, latency-optimal offline caching algorithm called belatedly which reduces average latencies by up to 45% compared to the traditional, hit-rate optimal Belady’s algorithm. Using belatedly as our guide, we show that incorporating an object’s ‘aggregate delay’ into online caching heuristics can improve latencies for practical caching systems by up to 40%. We implement a prototype, Minimum-AggregateDelay (mad), within a CDN caching node. Using a CDN production trace and backends deployed in different geographic locations, we show that mad can reduce latencies by 12-18% depending on the backend RTTs.
BibTeX:
```
@inproceedings{atre-sigcomm20,
  author = {Atre, Nirav and Sherry, Justine and Wang, Weina and Berger, Daniel},
  title = {Caching with Delayed Hits},
  booktitle = {Proceedings of the 2020 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '20},
  year = {2020},
  publisher = {ACM},
  address = {New York, NY, USA},
  code = {https://github.com/cmu-snap/Delayed-Hits}
}
```
Manousis, A., Sharma, R. A., Sekar, V., & Sherry, J. (2020). Contention-Aware Performance Prediction for Virtualized Network Functions. Proceedings of the 2020 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM). [pdf] [abstract] [bibtex] [code]

Abstract: At the core of Network Functions Virtualization lie Network Functions (NFs) that run co-resident on the same server, contend over its hardware resources and, thus, might suffer from reduced performance relative to running alone on the same hardware. Therefore, to efficiently manage resources and meet performance SLAs, NFV orchestrators need mechanisms to predict contention-induced performance degradation. In this work, we find that prior performance prediction frameworks suffer from poor accuracy on modern architectures and NFs because they treat memory as a monolithic whole. In addition, we show that, in practice, there exist multiple components of the memory subsystem that can separately induce contention. By precisely characterizing (1) the pressure each NF applies on the server’s shared hardware resources (contentiousness) and (2) how susceptible each NF is to performance drop due to competing contentiousness (sensitivity), we develop SLOMO, a multivariable performance prediction framework for Network Functions. We show that relative to prior work SLOMO reduces prediction error by 2-5x and enables 6-14% more efficient cluster utilization. SLOMO’s codebase can be found at https://github.com/cmu-snap/SLOMO.
BibTeX:
```
@inproceedings{manousis-sigcomm20,
  author = {Manousis, Antonis and Sharma, Rahul Anand and Sekar, Vyas and Sherry, Justine},
  title = {Contention-Aware Performance Prediction for Virtualized Network Functions},
  booktitle = {Proceedings of the 2020 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '20},
  year = {2020},
  publisher = {ACM},
  address = {New York, NY, USA},
  code = {https://github.com/cmu-snap/SLOMO}
}
```

2019

Ware, R., Mukerjee, M., Seshan, S., & Sherry, J. (2019). Modeling BBR’s Interactions with Loss-Based Congestion Control. Proceedings of the 2019 ACM Internet Measurement Conference (IMC). [pdf] [abstract] [bibtex]
Press Coverage: The Telegraph, Wired Italian, Vice

Abstract: BBR is a new congestion control algorithm (CCA) deployed for Chromium QUIC and the Linux kernel. As the default CCA for YouTube (which commands 11+% of Internet traffic), BBR has rapidly become a major player in Internet congestion control. BBR’s fairness or friendliness to other connections has recently come under scrutiny as measurements from multiple research groups have shown undesirable outcomes when BBR competes with traditional CCAs. One such outcome is a fixed, 40% proportion of link capacity consumed by a single BBR flow when competing with as many as 16 loss-based algorithms like Cubic or Reno. In this short paper, we provide the first model capturing BBR’s behavior in competition with loss-based CCAs. Our model is coupled with practical experiments to validate its implications. The key lesson is this: under competition, BBR becomes window-limited by its ‘in-flight cap’ which then determines BBR’s bandwidth consumption. By modeling the value of BBR’s in-flight cap under varying network conditions, we can predict BBR’s throughput when competing against Cubic flows with a median error of 5%, and against Reno with a median of 8%.
BibTeX:
```
@inproceedings{ware-imc2019,
  author = {Ware, Ranysha and Mukerjee, Matthew and Seshan, Srini and Sherry, Justine},
  title = {Modeling BBR's Interactions with Loss-Based Congestion Control},
  booktitle = {Proceedings of the 2019 ACM Internet Measurement Conference (IMC)},
  series = {IMC '19},
  year = {2019},
  location = {Amsterdam, Netherlands},
  publisher = {ACM},
  address = {New York, NY, USA},
  press = {The Telegraph, Wired Italian, Vice}
}
```
Ware, R., Mukerjee, M., Seshan, S., & Sherry, J. (2019). Beyond Jain’s Fairness Index: Setting the Bar For The Deployment of Congestion Control Algorithms. In Proceedings of the Eighteenth ACM Workshop on Hot Topics in Networks (HotNets). ACM. Awarded IRTF Applied Networking Research Prize. [pdf] [abstract] [bibtex]

Abstract: The Internet community faces an explosion in new congestion control algorithms such as Copa, Sprout, PCC, and BBR. In this paper, we discuss considerations for deploying new algorithms on the Internet. While past efforts have focused on achieving ‘fairness’ or ‘friendliness’ between new algorithms and deployed algorithms, we instead advocate for an approach centered on quantifying and limiting harm caused by the new algorithm on the status quo. We argue that a harm-based approach is more practical, more future proof, and handles a wider range of quality metrics than traditional notions of fairness and friendliness.
BibTeX:
```
@workshop{ware-hotnets19,
  author = {Ware, Ranysha and Mukerjee, Matthew and Seshan, Srinivasan and Sherry, Justine},
  title = {{Beyond Jain’s Fairness Index: Setting the Bar For The Deployment of Congestion Control Algorithms}},
  booktitle = {Proceedings of the Eighteenth ACM Workshop on Hot Topics in Networks (HotNets)},
  year = {2019},
  location = {Princeton, New Jersey},
  publisher = {ACM},
  address = {New York, NY, USA},
  award = {IRTF Applied Networking Research Prize}
}
```
Antichi, G., Benson, T., Foster, N., Ramos, F. M. V., & Sherry, J. (2019). Programmable Network Data Planes (Dagstuhl Seminar 19141). Dagstuhl Reports, 9(3), 178–201. [pdf] [abstract] [bibtex]

Abstract: Software-Defined Networking (SDN) started the "softwarization" of networking. By relocating the control plane onto a logically centralized machine, SDN gave programmers the ability to specify the behavior of the network directly in software, unleashing a major transformation both in the networking research community and in industry. However, a key limitation of the original SDN vision was the limited functionality exposed in protocols such as OpenFlow. Recent efforts to develop reconfigurable data planes and high-level network programming languages has made it possible to truly program the data plane – i.e., to change the way packets are processed on network devices. The ability to fully program the network-both control and data plane-is expected have a profound impact on the field of networking in the coming years. In this seminar we discussed the key questions and problems to be addressed in the next 10 years on the area of programmable dataplanes, and how they will potentially shape the future of networking. As an outcome we are now working on a research agenda to serve as the start of a discussion with networking researchers, practitioners, and the industry as a whole. This report is a first step towards that goal.
BibTeX:
```
@article{antichi-dagstuhl19,
  author = {Antichi, Gianni and Benson, Theophilus and Foster, Nate and Ramos, Fernando M. V. and Sherry, Justine},
  title = {{Programmable Network Data Planes (Dagstuhl Seminar 19141)}},
  pages = {178--201},
  journal = {Dagstuhl Reports},
  issn = {2192-5283},
  year = {2019},
  volume = {9},
  number = {3},
  editor = {Antichi, Gianni and Benson, Theophilus and Foster, Nate and Ramos, Fernando M. V. and Sherry, Justine},
  publisher = {Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address = {Dagstuhl, Germany}
}
```

2018

Woo, S., Sherry, J., Han, S., Moon, S., Ratnasamy, S., & Shenker, S. (2018). Elastic Scaling of Stateful Network Functions. Proceedings of the 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI), 299–312. [pdf] [abstract] [bibtex]

Abstract: Elastic scaling is a central promise of NFV but has been hard to realize in practice. The difficulty arises because most Network Functions (NFs) are stateful and this state need to be shared across NF instances. Implementing state sharing while meeting the throughput and latency requirements placed on NFs is challenging and, to date, no solution exists that meets NFV’s performance goals for the full spectrum of NFs. S6 is a new framework that supports elastic scaling of NFs without compromising performance. Its design builds on the insight that a distributed shared state abstraction is well-suited to the NFV context. We organize state as a distributed shared object (DSO) space and extend the DSO concept with techniques designed to meet the need for elasticity and high-performance in NFV workloads. S6 simplifies development: NF writers program with no awareness of how state is distributed and shared. Instead, S6 transparently migrates state and handles accesses to shared state. In our evaluation, compared to recent solutions for dynamic scaling of NFs, S6 improves performance by 100x during scaling events, and by 2-5x under normal operation.
BibTeX:
```
@inproceedings{woo-nsdi18,
  author = {Woo, Shinae and Sherry, Justine and Han, Sangjin and Moon, Sue and Ratnasamy, Sylvia and Shenker, Scott},
  title = {Elastic Scaling of Stateful Network Functions},
  booktitle = {Proceedings of the 15th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI})},
  year = {2018},
  isbn = {978-1-931971-43-0},
  address = {Renton, WA},
  pages = {299--312},
  publisher = {{USENIX} Association}
}
```

Fang, V., Lévai, T., Han, S., Ratnasamy, S., Raghavan, B., & Sherry, J. (2018). Evaluating Software Switches: Hard or Hopeless? (UCB/EECS-2018-136; Number UCB/EECS-2018-136). EECS Department, University of California, Berkeley. [pdf] [bibtex]

BibTeX:

@techreport{fang-techreport18,
  author = {Fang, Vivian and Lévai, Tamás and Han, Sangjin and Ratnasamy, Sylvia and Raghavan, Barath and Sherry, Justine},
  title = {Evaluating Software Switches: Hard or Hopeless?},
  institution = {EECS Department, University of California, Berkeley},
  year = {2018},
  month = oct,
  number = {UCB/EECS-2018-136}
}

2017

Martins, R., & Sherry, J. (2017). Lisbon Wedding: Seating Arrangements Using MaxSAT. In C. Antsotegui, F. Bacchus, M. Jarvisalo, & R. Martins (Eds.), MaxSAT Evaluation 2017: Solver and Benchmark Descriptions (B-2017-2; Number B-2017-2, pp. 25–26). Department of Computer Science, University of Helsinki. [pdf] [abstract] [bibtex]

Abstract: Having a perfect seating arrangement for weddings is not an easy task. Can Alice sit next to Bob? Can we ensure that Charles and his ex-girlfriend Eve not be seated together? Meeting such constraints is classically one of the most difficult tasks in planning a wedding – and guests will not accept ’it’s NP-complete!’ as an excuse for poor seating arrangements. We discuss how MaxSAT can provide the optimal seating arrangement for a perfect wedding, saving brides and grooms (including the authors) from hours of struggle.
BibTeX:
```
@techreport{martins-mse17,
  author = {Martins, Ruben and Sherry, Justine},
  title = {{Lisbon Wedding: Seating Arrangements Using MaxSAT}},
  institution = {{Department of Computer Science, University of Helsinki}},
  year = {2017},
  month = nov,
  number = {B-2017-2},
  booktitle = {MaxSAT Evaluation 2017: Solver and Benchmark Descriptions
  },
  editor = {Antsotegui, Carlos and Bacchus, Fahiem and Jarvisalo, Matti and Martins, Ruben},
  pages = {25--26}
}
```

2016

Sherry, J. (2016). Middleboxes as a Cloud Service (Number UCB/EECS-2016-165). EECS Department, University of California, Berkeley. Awarded SIGCOMM Doctoral Dissertation Award. [pdf] [abstract] [bibtex]

Abstract: Today’s networks do much more than merely deliver packets. Through the deployment of middleboxes, enterprise networks today provide improved security – e.g., filtering malicious content – and performance capabilities – e.g., caching frequently accessed content. Although middleboxes are deployed widely in enterprises, they bring with them many challenges: they are complicated to manage, expensive, prone to failures, and challenge privacy expectations. In this thesis, we aim to bring the benefits of cloud computing to networking. We argue that middlebox services can be outsourced to cloud providers in a similar fashion to how mail, compute, and storage are today outsourced. We begin by presenting APLOMB, a system that allows enterprises to outsource middlebox processing to a third party cloud or ISP. For enterprise networks, APLOMB can reduce costs, ease management, and provide resources for scalability and failover. For service providers, APLOMB offers new customers and business opportunities, but also presents new challenges. Middleboxes have tighter performance demands than existing cloud services, and hence supporting APLOMB requires redesigning software at the cloud. We re-consider classical cloud challenges including fault-tolerance and privacy, showing how to implement middlebox software solutions with throughput and latency 2-4 orders of magnitude more efficient than general-purpose cloud approaches.
BibTeX:
```
@thesis{sherry-phdthesis,
  author = {Sherry, Justine},
  title = {Middleboxes as a Cloud Service},
  school = {EECS Department, University of California, Berkeley},
  year = {2016},
  month = nov,
  number = {UCB/EECS-2016-165},
  award = {SIGCOMM Doctoral Dissertation Award}
}
```
Panda, A., McCauley, J. M., Tootoonchian, A., Sherry, J., Koponen, T., Ratnasamy, S., & Shenker, S. (2016). Open Network Interfaces for Carrier Networks. Computer Communications Review (CCR), 46(1), 5–11. [pdf] [abstract] [bibtex]

Abstract: With the increasing prevalence of middleboxes, networks today are capable of doing far more than merely delivering packets. In fact, to realize their full potential for both supporting innovation and generating revenue, we should think of carrier networks as service-delivery platforms. This requires providing open interfaces that allow third-parties to leverage carrier-network infrastructures in building global-scale services. In this position paper, we take the first steps towards making this vision concrete by identifying a few such interfaces that are both simple-to-support and safe-to-deploy (for the carrier) while being flexibly useful (for third-parties).
BibTeX:
```
@article{panda-ccr16,
  author = {Panda, Aurojit and McCauley, James Murphy and Tootoonchian, Amin and Sherry, Justine and Koponen, Teemu and Ratnasamy, Sylvia and Shenker, Scott},
  title = {Open Network Interfaces for Carrier Networks},
  journal = {Computer Communications Review (CCR)},
  issue_date = {January 2016},
  volume = {46},
  number = {1},
  month = jan,
  year = {2016},
  pages = {5--11},
  numpages = {7},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {edge services, services}
}
```
Lan, C., Sherry, J., Popa, R. A., Ratnasamy, S., & Liu, Z. (2016). Embark: Securely Outsourcing Middleboxes to the Cloud. Proceedings of the 13th USENIX Conference on Networked Systems Design and Implementation (NSDI), 255–273. [pdf] [abstract] [bibtex]

Abstract: It is increasingly common for enterprises and other organizations to outsource network processing to the cloud. For example, enterprises may outsource firewalling, caching, and deep packet inspection, just as they outsource compute and storage. However, this poses a threat to enterprise confidentiality because the cloud provider gains access to the organization’s traffic. We design and build Embark, the first system that enables a cloud provider to support middlebox outsourcing while maintaining the client’s confidentiality. Embark encrypts the traffic that reaches the cloud and enables the cloud to process the encrypted traffic without decrypting it. Embark supports a wide-range of middleboxes such as firewalls, NATs, web proxies, load balancers, and data exfiltration systems. Our evaluation shows that Embark supports these applications with competitive performance.
BibTeX:
```
@inproceedings{lan-nsdi16,
  author = {Lan, Chang and Sherry, Justine and Popa, Raluca Ada and Ratnasamy, Sylvia and Liu, Zhi},
  title = {Embark: Securely Outsourcing Middleboxes to the Cloud},
  booktitle = {Proceedings of the 13th USENIX Conference on Networked Systems Design and Implementation (NSDI)},
  series = {NSDI'16},
  year = {2016},
  location = {Santa Clara, CA},
  pages = {255--273},
  numpages = {19},
  publisher = {USENIX Association},
  address = {Berkeley, CA, USA}
}
```

Bailis, P., Sherry, J., & Peter, S. (2016). Introducing Research for Practice: NFV and Middleboxes. In Queue (Vol. 14, Number 2, pp. 70:76–70:90). ACM. [pdf] [bibtex]

BibTeX:

@misc{bailis-queue16,
  author = {Bailis, Peter and Sherry, Justine and Peter, Simon},
  title = {Introducing Research for Practice: NFV and Middleboxes},
  journal = {Queue},
  issue_date = {March-April 2016},
  volume = {14},
  number = {2},
  month = apr,
  year = {2016},
  pages = {70:76--70:90},
  articleno = {70},
  numpages = {15},
  publisher = {ACM},
  address = {New York, NY, USA}
}

2015

Sherry, J., Lan, C., Popa, R. A., & Ratnasamy, S. (2015). BlindBox: Deep Packet Inspection over Encrypted Traffic. Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM), 213–226. [pdf] [abstract] [bibtex]
Press Coverage: The Morning Paper

Abstract: Many network middleboxes perform deep packet inspection (DPI), a set of useful tasks which examine packet payloads. These tasks include intrusion detection (IDS), exfiltration detection, and parental filtering. However, a long-standing issue is that once packets are sent over HTTPS, middleboxes can no longer accomplish their tasks because the payloads are encrypted. Hence, one is faced with the choice of only one of two desirable properties: the functionality of middleboxes and the privacy of encryption. We propose BlindBox, the first system that simultaneously provides both of these properties. The approach of BlindBox is to perform the deep-packet inspection directly on the encrypted traffic. BlindBox realizes this approach through a new protocol and new encryption schemes. We demonstrate that BlindBox enables applications such as IDS, exfiltration detection and parental filtering, and supports real rulesets from both open-source and industrial DPI systems. We implemented BlindBox and showed that it is practical for settings with long-lived HTTPS connections. Moreover, its core encryption scheme is 3-6 orders of magnitude faster than existing relevant cryptographic schemes.
BibTeX:
```
@inproceedings{sherry-sigcomm15a,
  author = {Sherry, Justine and Lan, Chang and Popa, Raluca Ada and Ratnasamy, Sylvia},
  title = {BlindBox: Deep Packet Inspection over Encrypted Traffic},
  booktitle = {Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '15},
  year = {2015},
  location = {London, United Kingdom},
  pages = {213--226},
  numpages = {14},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {middlebox privacy, network privacy, searchable encryption},
  press = {The Morning Paper}
}
```
Sherry, J., Gao, P. X., Basu, S., Panda, A., Krishnamurthy, A., Maciocco, C., Manesh, M., Martins, J., Ratnasamy, S., Rizzo, L., & Shenker, S. (2015). Rollback-Recovery for Middleboxes. Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM), 227–240. Awarded Best Student Paper. [pdf] [abstract] [bibtex]

Abstract: Network middleboxes must offer high availability, with automatic failover when a device fails. Achieving high availability is challenging because failover must correctly restore lost state (e.g., activity logs, port mappings) but must do so quickly (e.g., in less than typical transport timeout values to minimize disruption to applications) and with little overhead to failure-free operation (e.g., additional per-packet latencies of 10-100s of us). No existing middlebox design provides failover that is correct, fast to recover, and imposes little increased latency on failure-free operations. We present a new design for fault-tolerance in middleboxes that achieves these three goals. Our system, FTMB (for Fault-Tolerant MiddleBox), adopts the classical approach of "rollback recovery" in which a system uses information logged during normal operation to correctly reconstruct state after a failure. However, traditional rollback recovery cannot maintain high throughput given the frequent output rate of middleboxes. Hence, we design a novel solution to record middlebox state which relies on two mechanisms: (1) ’ordered logging’, which provides lightweight logging of the information needed after recovery, and (2) a ‘parallel release’ algorithm which, when coupled with ordered logging, ensures that recovery is always correct. We implement ordered logging and parallel release in Click and show that for our test applications our design adds only 30\mus of latency to median per packet latencies. Our system introduces moderate throughput overheads (5-30%) and can reconstruct lost state in 40-275ms for practical systems.
BibTeX:
```
@inproceedings{sherry-sigcomm15b,
  author = {Sherry, Justine and Gao, Peter Xiang and Basu, Soumya and Panda, Aurojit and Krishnamurthy, Arvind and Maciocco, Christian and Manesh, Maziar and Martins, Jo\~{a}o and Ratnasamy, Sylvia and Rizzo, Luigi and Shenker, Scott},
  title = {Rollback-Recovery for Middleboxes},
  booktitle = {Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '15},
  year = {2015},
  location = {London, United Kingdom},
  pages = {227--240},
  numpages = {14},
  publisher = {ACM},
  award = {Best Student Paper},
  address = {New York, NY, USA},
  keywords = {middlebox reliability, parallel fault-tolerance}
}
```
Jang, K., Sherry, J., Ballani, H., & Moncaster, T. (2015). Silo: Predictable Message Latency in the Cloud. Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM), 435–448. [pdf] [abstract] [bibtex]

Abstract: Many cloud applications can benefit from guaranteed latency for their network messages, however providing such predictability is hard, especially in multi-tenant datacenters. We identify three key requirements for such predictability: guaranteed network bandwidth, guaranteed packet delay and guaranteed burst allowance. We present Silo, a system that offers these guarantees in multi-tenant datacenters. Silo leverages the tight coupling between bandwidth and delay: controlling tenant bandwidth leads to deterministic bounds on network queuing delay. Silo builds upon network calculus to place tenant VMs with competing requirements such that they can coexist. A novel hypervisor-based policing mechanism achieves packet pacing at sub-microsecond granularity, ensuring tenants do not exceed their allowances. We have implemented a Silo prototype comprising a VM placement manager and a Windows filter driver. Silo does not require any changes to applications, guest OSes or network switches. We show that Silo can ensure predictable message latency for cloud applications while imposing low overhead.
BibTeX:
```
@inproceedings{jang-sigcomm15,
  author = {Jang, Keon and Sherry, Justine and Ballani, Hitesh and Moncaster, Toby},
  title = {Silo: Predictable Message Latency in the Cloud},
  booktitle = {Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '15},
  year = {2015},
  location = {London, United Kingdom},
  pages = {435--448},
  numpages = {14},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {guaranteed latency, latency SLA, network QoS, network calculus, traffic pacing}
}
```

2014

Mittal, R., Sherry, J., Ratnasamy, S., & Shenker, S. (2014). Recursively Cautious Congestion Control. Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation (NSDI), 373–385. [pdf] [abstract] [bibtex]

Abstract: TCP’s congestion control is deliberately cautious, avoiding network overloads by starting with a small initial window and then iteratively ramping up. As a result, it often takes flows several round-trip times to fully utilize the available bandwidth. In this paper we propose RC3, a technique to quickly take advantage of available capacity from the very first RTT. RC3 uses several levels of lower priority service and a modified TCP behavior to achieve near-optimal throughputs while preserving TCP-friendliness and fairness. We implement RC3 in the Linux kernel and in NS-3. In common wide-area scenarios, RC3 results in over 40% reduction in average flow completion times, with strongest improvements - more than 70% reduction in flow completion time - seen in medium to large sized (100KB - 3MB) flows.
BibTeX:
```
@inproceedings{mittal-nsdi14,
  author = {Mittal, Radhika and Sherry, Justine and Ratnasamy, Sylvia and Shenker, Scott},
  title = {Recursively Cautious Congestion Control},
  booktitle = {Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation (NSDI)},
  series = {NSDI'14},
  year = {2014},
  location = {Seattle, WA},
  pages = {373--385},
  numpages = {13},
  publisher = {USENIX Association},
  address = {Berkeley, CA, USA}
}
```

2013

Mittal, R., Sherry, J., Ratnasamy, S., & Shenker, S. (2013). How to Improve Your Network Performance by Asking Your Provider for Worse Service. In Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks (HotNets) (pp. 25:1–25:7). ACM. [pdf] [bibtex]

BibTeX:

@workshop{mittal-hotnets13,
  author = {Mittal, Radhika and Sherry, Justine and Ratnasamy, Sylvia and Shenker, Scott},
  title = {How to Improve Your Network Performance by Asking Your Provider for Worse Service},
  booktitle = {Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks (HotNets)},
  series = {HotNets-XII},
  year = {2013},
  location = {College Park, Maryland},
  pages = {25:1--25:7},
  articleno = {25},
  numpages = {7},
  publisher = {ACM},
  address = {New York, NY, USA}
}

Vulimiri, A., Godfrey, P. B., Mittal, R., Sherry, J., Ratnasamy, S., & Shenker, S. (2013). Low Latency via Redundancy. Proceedings of the Ninth ACM Conference on Emerging Networking Experiments and Technologies (CoNEXT), 283–294. [pdf] [bibtex]

BibTeX:

@inproceedings{vulmiri-conext13,
  author = {Vulimiri, Ashish and Godfrey, Philip Brighten and Mittal, Radhika and Sherry, Justine and Ratnasamy, Sylvia and Shenker, Scott},
  title = {Low Latency via Redundancy},
  booktitle = {Proceedings of the Ninth ACM Conference on Emerging Networking Experiments and Technologies (CoNEXT)},
  series = {CoNEXT '13},
  year = {2013},
  location = {Santa Barbara, California, USA},
  pages = {283--294},
  numpages = {12},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {latency, performance, reliability}
}

2012

Sherry, J., Kim, D. C., Mahalingam, S. S., Tang, A., Wang, S., & Ratnasamy, S. (2012). Netcalls: End Host Function Calls to Network Traffic Processing Services [UCB/EECS-2012-175]. UC Berkeley, Department of Electrical Engineering and Computer Sciences. [pdf] [abstract] [bibtex]

Abstract: Function calls are a basic primitive by which applications invoke services from external entities. In this paper, we propose “network calls” (netcalls), a general primitive to invoke advanced traffic processing services – such as firewalling or caching – from the network. We design and implement the netcalls API and a backend architecture to support netcalls, allowing end host applications to interact with services not only in their own access network, but any network their traffic traverses. Demonstrating the utility of netcalls, we built three applications to invoke netcalls, along with corresponding network services: interdomain firewalling for DDoS defense,‘opportunistic’ traffic compression, and intrusion detection for mobile phones.
BibTeX:
```
@techreport{sherry-techreport12,
  title = {Netcalls: End Host Function Calls to Network Traffic Processing Services},
  author = {Sherry, J. and Kim, D. C. and Mahalingam, S. S. and Tang, A. and Wang, S. and Ratnasamy, S.},
  institution = {UC Berkeley, Department of Electrical Engineering and Computer Sciences},
  year = {2012},
  type = {UCB/EECS-2012-175}
}
```
Sherry, J. (2012). Future Architectures for Middlebox Processing Services on the Internet and in the Cloud (Number UCB/EECS-2012-240). EECS Department, University of California, Berkeley. [pdf] [abstract] [bibtex]

Abstract: Middleboxes, such as caches, firewalls, and intrusion detection systems, form a vital part of network infrastructure today. Administrators deploy middleboxes in diverse scenarios from enterprise networks, to datacenters, to access networks. However, middleboxes are universally deployed under what we call the ‘unilateral model’, where middleboxes are deployed and configured by administrators alone, for the benefit of hosts in a single domain alone. In this thesis, we present two new deployment models for middleboxes which offer new capabilities for middlebox usage as well as new business models for middlebox deployment. Netcalls is an extension to the Internet architecture that allows end host applications to invoke and configure middleboxes in any network their traffic traverses; for example, we present a web server that invokes inter-domain DDoS defense when it detects that it is under attack. APLOMB is a system that allows enterprise networks (as well as individual end hosts) to tunnel their traffic to and from a cloud service that applies middlebox processing to their traffic, avoiding the costly and management-intensive burden of administering middleboxes in a local network. Netcalls and APLOMB allow ISPs and cloud providers (respectively) to monetize their deployment of middleboxes by offering them as a service to third-party clients; all the while presenting new capabilities, in the case of netcalls by enabling application interaction and in the case of APLOMB by providing better scalability and easier management. We discuss both of these proposals and their benefits in detail; we then discuss challenges and opportunities towards their deployment and adoption.
BibTeX:
```
@thesis{sherry-mastersthesis,
  author = {Sherry, Justine},
  title = {Future Architectures for Middlebox Processing Services on the Internet and in the Cloud},
  school = {EECS Department, University of California, Berkeley},
  year = {2012},
  month = dec,
  number = {UCB/EECS-2012-240}
}
```

Rao, A., Choffnes, D., Sherry, J., Legaut, A., Krishnamurthy, A., & Dabbous, W. (2012). Meddle: Middleboxes for Increased Transparency and Control of Mobile Traffic. In CoNEXT 2012 Student Workshop. ACM. Awarded Best Paper. [pdf] [bibtex]

BibTeX:

@workshop{rao-conextstudent12,
  author = {Rao, A. and Choffnes, D. and Sherry, J. and Legaut, A. and Krishnamurthy, A. and Dabbous, W.},
  title = {Meddle: Middleboxes for Increased Transparency and Control of Mobile Traffic},
  booktitle = {CoNEXT 2012 Student Workshop},
  year = {2012},
  publisher = {ACM},
  address = {New York, NY, USA},
  award = {Best Paper}
}

Sherry, J., Hasan, S., Scott, C., Krishnamurthy, A., Ratnasamy, S., & Sekar, V. (2012). Making Middleboxes Someone Else’s Problem: Network Processing As a Cloud Service. Proceedings of the 2012 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM), 13–24. [pdf] [bibtex]

BibTeX:

@inproceedings{sherry-sigcomm12,
  author = {Sherry, Justine and Hasan, Shaddi and Scott, Colin and Krishnamurthy, Arvind and Ratnasamy, Sylvia and Sekar, Vyas},
  title = {Making Middleboxes Someone Else's Problem: Network Processing As a Cloud Service},
  booktitle = {Proceedings of the 2012 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '12},
  year = {2012},
  isbn = {978-1-4503-1419-0},
  location = {Helsinki, Finland},
  pages = {13--24},
  numpages = {12},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {cloud, middlebox, outsourcing}
}

2010

Sherry, J., Katz-Bassett, E., Pimenova, M., Madhyastha, H. V., Anderson, T., & Krishnamurthy, A. (2010). Resolving IP Aliases with Prespecified Timestamps. Proceedings of the 2010 ACM Conference on Internet Measurement (IMC), 172–178. [pdf] [bibtex]

BibTeX:

@inproceedings{sherry-imc10,
  author = {Sherry, Justine and Katz-Bassett, Ethan and Pimenova, Mary and Madhyastha, Harsha V. and Anderson, Thomas and Krishnamurthy, Arvind},
  title = {Resolving IP Aliases with Prespecified Timestamps},
  booktitle = {Proceedings of the 2010 ACM Conference on Internet Measurement (IMC)},
  series = {IMC '10},
  year = {2010},
  isbn = {978-1-4503-0483-2},
  location = {Melbourne, Australia},
  pages = {172--178},
  numpages = {7},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {alias resolution, ip options, ip timestamp}
}

Sherry, J. (2010). Applications of the IP Timestamp Option to Internet Measurement. Computer Science & Engineering, University of Washington. Awarded CSE Best Senior Thesis. [pdf] [abstract] [bibtex]

Abstract: Limited support and inconsistent behavior for IP options has led to the common belief that most options cannot be useful. IP timestamp was no exception, until recently, when prespecified IP timestamp measurements were successfully integrated into the Reverse traceroute system. Prespecified timestamps allow the sender to request a series of up to four timestamps from all routers which may receive the packet. Each machine that receives a timestamp probe checks to see whether the next, unstamped IP address matches its own, and if so, provides a timestamp. In this paper, we provide a more extended argument for the role of prespecified timestamps in the measurement toolkit, and demonstrate two new practical use cases for timestamp measurements. We discover over 47% of ICMP ping-responsive routers in our sample support timestamp options, and both document and suggest methods for dealing with some of the differences between implementations of the timestamp option. Where supported, timestamp probes can take advantage of several attributes uncharacteristic of other common measurement tools: a view of the complete path the probe takes, combined responses from up to four requested addresses, and timestamp values from each responsive address. Illustrating these characteristics, we provide several use cases for timestamp probes. First, we describe how timestamps are integrated into the Reverse traceroute system, discovering routers on the path taken from a destination back to the requesting source. Next, we confirm IP aliases by combining multiple timestamp requests for candidate alias pairs in the same probe. In our application, we identify thousands of alias clusters currently unaddressable by the leading alias resolution technique. As our final use case, we apply the literal timestamp values to assessing one-way link delay. With this technique, we measure the delay between backbone PoPs on the Internet2 network with values comparable to those discovered through measurements at the source.
BibTeX:
```
@thesis{sherry-bsthesis,
  author = {Sherry, Justine},
  title = {Applications of the IP Timestamp Option to Internet Measurement},
  school = {Computer Science & Engineering, University of Washington},
  month = mar,
  year = {2010},
  award = {CSE Best Senior Thesis}
}
```

Katz-Bassett, E., Madhyastha, H. V., Adhikari, V. K., Scott, C., Sherry, J., Van Wesep, P., Anderson, T., & Krishnamurthy, A. (2010). Reverse Traceroute. Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation (NSDI), 15–15. Awarded Best Paper. [pdf] [bibtex]

BibTeX:

@inproceedings{katzbassett-nsdi10,
  author = {Katz-Bassett, Ethan and Madhyastha, Harsha V. and Adhikari, Vijay Kumar and Scott, Colin and Sherry, Justine and Van Wesep, Peter and Anderson, Thomas and Krishnamurthy, Arvind},
  title = {Reverse Traceroute},
  booktitle = {Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation (NSDI)},
  series = {NSDI'10},
  year = {2010},
  location = {San Jose, California},
  pages = {15--15},
  numpages = {1},
  publisher = {USENIX Association},
  address = {Berkeley, CA, USA},
  award = {Best Paper}
}

2009

Sherry, J. (2009). Unlocking the Potential of Cell Phones (pp. 200–321). In ’From the Bottom Up: Rethinking United States Development Assistance’. Editors S. Arbogast, A. O’Leary, W. Latsch. Jackson School of International Studies, University of Washington. [pdf] [abstract] [bibtex]

Abstract: The rapid rise of mobile phone use in poor countries is well known as an exemplary case of a technology enabling bottom-up empowerment through information access, driven by smallmargin business and end-user innovation. While many are not mobile phone owners themselves, few today face a several mile walk to access an often-disconnected landline phone for communication, which was a regular occurrence only ten years ago. But even as some marvel at the rapid changes brought about by mobile phone use, a second generation boom is already occurring, developing innovative applications for the now widespread mobile phone platform. Building off this new connectivity, there are new programs aiming to provide public information access, data storage and accounting, and even mobile banking, mostly utilizing only the cheapest phone models. Whether for-profit or as charity, these applications are seen by many as the next step in leveraging the power of mobile phone diffusion to provide information access cheaply and efficiently to the world’s poorest. While some may see this new movement as over-exuberant, high-profile new programs are being driven by enthusiasts representing the technology industry, academic research groups, and international aid organizations. As a result, the future of mobile phone applications, as well as most technology in development, is relevant to business and trade policy, research investment, as well as traditional development aid programs.
BibTeX:
```
@thesis{sherry-bsthesis2,
  author = {Sherry, Justine},
  title = {Unlocking the Potential of Cell Phones},
  pages = {200-321},
  school = {In 'From the Bottom Up: Rethinking United States Development Assistance'. Editors S. Arbogast, A. O'Leary, W. Latsch. Jackson School of International Studies, University of Washington},
  month = mar,
  year = {2009}
}
```