Justine Sherry's Homepage

2021

Liu, G., Sadok, H., Kohlbrenner, A., Parno, B., Sekar, V., & Sherry, J. (2021). Don’t Yank My Chain: Auditable NF Service Chaining. In Proceedings of the 18th USENIX Symposium on Networked Systems Design and Implementation (NSDI). Berkeley, CA, USA: USENIX Association. [pdf] [abstract] [bibtex]

Abstract: Auditing is a crucial component of network security practices in organizations with sensitive information, such as banks and hospitals. Unfortunately, network function virtualization (NFV) is viewed as incompatible with auditing practices which verify that security functions operate correctly. In this paper, we bring the benefits of NFV to security-sensitive environments with the design and implementation of AuditBox. AuditBox not only makes NFV compatible with auditing, but also provides stronger guarantees than traditional auditing procedures. In traditional auditing, administrators test the system for correctness on a schedule, e.g., once per month. In contrast, AuditBox continuously self-monitors for correct behavior, proving runtime guarantees that the system remains in compliance with policy goals. Furthermore, AuditBox remains compatible with traditional auditing practices by providing sampled logs which still allow auditors to inspect system behavior manually. AuditBox achieves its goals by combining trusted execution environments with a lightweight verified routing protocol (VRP). Despite the complexity of routing policies for service-function chains relative to traditional routing, AuditBox’s protocol introduces 72-80% fewer bytes of overhead per packet (in a 5-hop service chain) and provides 61-67% higher goodput than prior work on VRPs designed for the Internet.
BibTeX:
```
@inproceedings{liu-nsdi2021,
  author = {Liu, Guyue and Sadok, Hugo and Kohlbrenner, Anne and Parno, Bryan and Sekar, Vyas and Sherry, Justine},
  title = {{Don't Yank My Chain: Auditable NF Service Chaining}},
  booktitle = {Proceedings of the 18th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI})},
  series = {NSDI '21},
  year = {2021},
  publisher = {USENIX Association},
  address = {Berkeley, CA, USA}
}
```

2020

Zhao, Z., Sadok, H., Atre, N., Hoe, J., Sekar, V., & Sherry, J. (2020). Achieving 100Gbps Intrusion Prevention on a Single Server. In Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Berkeley, CA, USA: USENIX Association. [pdf] [abstract] [bibtex] [code]
Press Coverage: The Morning Paper, Dark Reading

Abstract: Intrusion Detection and Prevention Systems (IDS/IPS) are among the most demanding stateful network functions. Today’s network operators are faced with securing 100Gbps networks with 100K+ concurrent connections by deploying IDS/IPSes to search for 10K+ rules concurrently. In this paper we set an ambitious goal: Can we do all of the above in a single server? Through the Pigasus IDS/IPS, we show that this goal is achievable, perhaps for the first time, by building on recent advances in FPGA-capable SmartNICs. Pigasus’ design takes an FPGA-first approach, where the majority of processing, and all state and control flow are managed on the FPGA. However, doing so requires careful design of algorithms and data structures to ensure fast common-case performance while densely utilizing system memory resources. Our experiments with a variety of traces show that Pigasus can support 100Gbps using an average of 5 cores and 1 FPGA, using 38x less wattage than a CPU-only approach.
BibTeX:
```
@inproceedings{zhao-osdi20,
  author = {Zhao, Zhipeng and Sadok, Hugo and Atre, Nirav and Hoe, James and Sekar, Vyas and Sherry, Justine},
  title = {Achieving 100Gbps Intrusion Prevention on a Single Server},
  booktitle = {Proceedings of the 14th {USENIX} Symposium on Operating Systems Design and Implementation ({OSDI})},
  series = {OSDI '20},
  year = {2020},
  publisher = {USENIX Association},
  address = {Berkeley, CA, USA},
  code = {https://github.com/cmu-snap/pigasus},
  press = {The Morning Paper, Dark Reading}
}
```
Atre, N., Sherry, J., Wang, W., & Berger, D. (2020). Caching with Delayed Hits. In Proceedings of the 2020 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM). New York, NY, USA: ACM. [pdf] [abstract] [bibtex] [code]

Abstract: Caches are at the heart of latency-sensitive systems. In this paper, we identify a growing challenge for the design of latency-minimizing caches called delayed hits. Delayed hits occur at high throughput, when multiple requests to the same object queue up before an outstanding cache miss is resolved. This effect increases latencies beyond the predictions of traditional caching models and simulations; in fact, caching algorithms are designed as if delayed hits simply didn’t exist. We show that traditional caching strategies – even so called ‘optimal’ algorithms – can fail to minimize latency in the presence of delayed hits. We design a new, latency-optimal offline caching algorithm called belatedly which reduces average latencies by up to 45% compared to the traditional, hit-rate optimal Belady’s algorithm. Using belatedly as our guide, we show that incorporating an object’s ‘aggregate delay’ into online caching heuristics can improve latencies for practical caching systems by up to 40%. We implement a prototype, Minimum-AggregateDelay (mad), within a CDN caching node. Using a CDN production trace and backends deployed in different geographic locations, we show that mad can reduce latencies by 12-18% depending on the backend RTTs.
BibTeX:
```
@inproceedings{atre-sigcomm20,
  author = {Atre, Nirav and Sherry, Justine and Wang, Weina and Berger, Daniel},
  title = {Caching with Delayed Hits},
  booktitle = {Proceedings of the 2020 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '20},
  year = {2020},
  publisher = {ACM},
  address = {New York, NY, USA},
  code = {https://github.com/cmu-snap/Delayed-Hits}
}
```
Manousis, A., Sharma, R. A., Sekar, V., & Sherry, J. (2020). Contention-Aware Performance Prediction for Virtualized Network Functions. In Proceedings of the 2020 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM). New York, NY, USA: ACM. [pdf] [abstract] [bibtex] [code]

Abstract: At the core of Network Functions Virtualization lie Network Functions (NFs) that run co-resident on the same server, contend over its hardware resources and, thus, might suffer from reduced performance relative to running alone on the same hardware. Therefore, to efficiently manage resources and meet performance SLAs, NFV orchestrators need mechanisms to predict contention-induced performance degradation. In this work, we find that prior performance prediction frameworks suffer from poor accuracy on modern architectures and NFs because they treat memory as a monolithic whole. In addition, we show that, in practice, there exist multiple components of the memory subsystem that can separately induce contention. By precisely characterizing (1) the pressure each NF applies on the server’s shared hardware resources (contentiousness) and (2) how susceptible each NF is to performance drop due to competing contentiousness (sensitivity), we develop SLOMO, a multivariable performance prediction framework for Network Functions. We show that relative to prior work SLOMO reduces prediction error by 2-5x and enables 6-14% more efficient cluster utilization. SLOMO’s codebase can be found at https://github.com/cmu-snap/SLOMO.
BibTeX:
```
@inproceedings{manousis-sigcomm20,
  author = {Manousis, Antonis and Sharma, Rahul Anand and Sekar, Vyas and Sherry, Justine},
  title = {Contention-Aware Performance Prediction for Virtualized Network Functions},
  booktitle = {Proceedings of the 2020 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '20},
  year = {2020},
  publisher = {ACM},
  address = {New York, NY, USA},
  code = {https://github.com/cmu-snap/SLOMO}
}
```

2019

Ware, R., Mukerjee, M., Seshan, S., & Sherry, J. (2019). Beyond Jain’s Fairness Index: Setting the Bar For The Deployment of Congestion Control Algorithms. Proceedings of the Eighteenth ACM Workshop on Hot Topics in Networks (HotNets). New York, NY, USA: ACM. Awarded IRTF Applied Networking Research Prize. [pdf] [abstract] [bibtex]

Abstract: The Internet community faces an explosion in new congestion control algorithms such as Copa, Sprout, PCC, and BBR. In this paper, we discuss considerations for deploying new algorithms on the Internet. While past efforts have focused on achieving ‘fairness’ or ‘friendliness’ between new algorithms and deployed algorithms, we instead advocate for an approach centered on quantifying and limiting harm caused by the new algorithm on the status quo. We argue that a harm-based approach is more practical, more future proof, and handles a wider range of quality metrics than traditional notions of fairness and friendliness.
BibTeX:
```
@workshop{ware-hotnets19,
  author = {Ware, Ranysha and Mukerjee, Matthew and Seshan, Srinivasan and Sherry, Justine},
  title = {{Beyond Jain’s Fairness Index: Setting the Bar For The Deployment of Congestion Control Algorithms}},
  booktitle = {Proceedings of the Eighteenth ACM Workshop on Hot Topics in Networks (HotNets)},
  year = {2019},
  location = {Princeton, New Jersey},
  publisher = {ACM},
  address = {New York, NY, USA},
  award = {IRTF Applied Networking Research Prize}
}
```
Ware, R., Mukerjee, M., Seshan, S., & Sherry, J. (2019). Modeling BBR’s Interactions with Loss-Based Congestion Control. In Proceedings of the 2019 ACM SIGCOMM Internet Measurement Conference (IMC). New York, NY, USA: ACM. [pdf] [abstract] [bibtex]
Press Coverage: The Telegraph, Wired Italian, Vice

Abstract: BBR is a new congestion control algorithm (CCA) deployed for Chromium QUIC and the Linux kernel. As the default CCA for YouTube (which commands 11+% of Internet traffic), BBR has rapidly become a major player in Internet congestion control. BBR’s fairness or friendliness to other connections has recently come under scrutiny as measurements from multiple research groups have shown undesirable outcomes when BBR competes with traditional CCAs. One such outcome is a fixed, 40% proportion of link capacity consumed by a single BBR flow when competing with as many as 16 loss-based algorithms like Cubic or Reno. In this short paper, we provide the first model capturing BBR’s behavior in competition with loss-based CCAs. Our model is coupled with practical experiments to validate its implications. The key lesson is this: under competition, BBR becomes window-limited by its ‘in-flight cap’ which then determines BBR’s bandwidth consumption. By modeling the value of BBR’s in-flight cap under varying network conditions, we can predict BBR’s throughput when competing against Cubic flows with a median error of 5%, and against Reno with a median of 8%.
BibTeX:
```
@inproceedings{ware-imc2019,
  author = {Ware, Ranysha and Mukerjee, Matthew and Seshan, Srini and Sherry, Justine},
  title = {Modeling BBR's Interactions with Loss-Based Congestion Control},
  booktitle = {Proceedings of the 2019 ACM SIGCOMM Internet Measurement Conference (IMC)},
  series = {IMC '19},
  year = {2019},
  location = {Amsterdam, Netherlands},
  publisher = {ACM},
  address = {New York, NY, USA},
  press = {The Telegraph, Wired Italian, Vice}
}
```
Antichi, G., Benson, T., Foster, N., Ramos, F. M. V., & Sherry, J. (2019). Programmable Network Data Planes (Dagstuhl Seminar 19141). Dagstuhl Reports, 9(3), 178–201. [pdf] [abstract] [bibtex]

Abstract: Software-Defined Networking (SDN) started the "softwarization" of networking. By relocating the control plane onto a logically centralized machine, SDN gave programmers the ability to specify the behavior of the network directly in software, unleashing a major transformation both in the networking research community and in industry. However, a key limitation of the original SDN vision was the limited functionality exposed in protocols such as OpenFlow. Recent efforts to develop reconfigurable data planes and high-level network programming languages has made it possible to truly program the data plane – i.e., to change the way packets are processed on network devices. The ability to fully program the network-both control and data plane-is expected have a profound impact on the field of networking in the coming years. In this seminar we discussed the key questions and problems to be addressed in the next 10 years on the area of programmable dataplanes, and how they will potentially shape the future of networking. As an outcome we are now working on a research agenda to serve as the start of a discussion with networking researchers, practitioners, and the industry as a whole. This report is a first step towards that goal.
BibTeX:
```
@article{antichi-dagstuhl19,
  author = {Antichi, Gianni and Benson, Theophilus and Foster, Nate and Ramos, Fernando M. V. and Sherry, Justine},
  title = {{Programmable Network Data Planes (Dagstuhl Seminar 19141)}},
  pages = {178--201},
  journal = {Dagstuhl Reports},
  issn = {2192-5283},
  year = {2019},
  volume = {9},
  number = {3},
  editor = {Antichi, Gianni and Benson, Theophilus and Foster, Nate and Ramos, Fernando M. V. and Sherry, Justine},
  publisher = {Schloss Dagstuhl--Leibniz-Zentrum fuer Informatik},
  address = {Dagstuhl, Germany}
}
```

2018

Fang, V., Lévai, T., Han, S., Ratnasamy, S., Raghavan, B., & Sherry, J. (2018). Evaluating Software Switches: Hard or Hopeless? (No. UCB/EECS-2018-136). EECS Department, University of California, Berkeley. [pdf] [bibtex]

BibTeX:

@techreport{fang-techreport18,
  author = {Fang, Vivian and Lévai, Tamás and Han, Sangjin and Ratnasamy, Sylvia and Raghavan, Barath and Sherry, Justine},
  title = {Evaluating Software Switches: Hard or Hopeless?},
  institution = {EECS Department, University of California, Berkeley},
  year = {2018},
  month = oct,
  number = {UCB/EECS-2018-136}
}

Woo, S., Sherry, J., Han, S., Moon, S., Ratnasamy, S., & Shenker, S. (2018). Elastic Scaling of Stateful Network Functions. In Proceedings of the 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI) (pp. 299–312). Renton, WA: USENIX Association. [pdf] [abstract] [bibtex]

Abstract: Elastic scaling is a central promise of NFV but has been hard to realize in practice. The difficulty arises because most Network Functions (NFs) are stateful and this state need to be shared across NF instances. Implementing state sharing while meeting the throughput and latency requirements placed on NFs is challenging and, to date, no solution exists that meets NFV’s performance goals for the full spectrum of NFs. S6 is a new framework that supports elastic scaling of NFs without compromising performance. Its design builds on the insight that a distributed shared state abstraction is well-suited to the NFV context. We organize state as a distributed shared object (DSO) space and extend the DSO concept with techniques designed to meet the need for elasticity and high-performance in NFV workloads. S6 simplifies development: NF writers program with no awareness of how state is distributed and shared. Instead, S6 transparently migrates state and handles accesses to shared state. In our evaluation, compared to recent solutions for dynamic scaling of NFs, S6 improves performance by 100x during scaling events, and by 2-5x under normal operation.
BibTeX:
```
@inproceedings{woo-nsdi18,
  author = {Woo, Shinae and Sherry, Justine and Han, Sangjin and Moon, Sue and Ratnasamy, Sylvia and Shenker, Scott},
  title = {Elastic Scaling of Stateful Network Functions},
  booktitle = {Proceedings of the 15th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI})},
  year = {2018},
  isbn = {978-1-931971-43-0},
  address = {Renton, WA},
  pages = {299--312},
  publisher = {{USENIX} Association}
}
```

2017

Martins, R., & Sherry, J. (2017). Lisbon Wedding: Seating Arrangements Using MaxSAT (No. B-2017-2). (C. Antsotegui, F. Bacchus, M. Jarvisalo, & R. Martins, Eds.), MaxSAT Evaluation 2017: Solver and Benchmark Descriptions (pp. 25–26). Department of Computer Science, University of Helsinki. [pdf] [abstract] [bibtex]

Abstract: Having a perfect seating arrangement for weddings is not an easy task. Can Alice sit next to Bob? Can we ensure that Charles and his ex-girlfriend Eve not be seated together? Meeting such constraints is classically one of the most difficult tasks in planning a wedding – and guests will not accept ’it’s NP-complete!’ as an excuse for poor seating arrangements. We discuss how MaxSAT can provide the optimal seating arrangement for a perfect wedding, saving brides and grooms (including the authors) from hours of struggle.
BibTeX:
```
@techreport{martins-mse17,
  author = {Martins, Ruben and Sherry, Justine},
  title = {{Lisbon Wedding: Seating Arrangements Using MaxSAT}},
  institution = {{Department of Computer Science, University of Helsinki}},
  year = {2017},
  month = nov,
  number = {B-2017-2},
  booktitle = {MaxSAT Evaluation 2017: Solver and Benchmark Descriptions
  },
  editor = {Antsotegui, Carlos and Bacchus, Fahiem and Jarvisalo, Matti and Martins, Ruben},
  pages = {25--26}
}
```

2016

Sherry, J. (2016). Middleboxes as a Cloud Service. EECS Department, University of California, Berkeley. Awarded SIGCOMM Doctoral Dissertation Award. [pdf] [abstract] [bibtex]

Abstract: Today’s networks do much more than merely deliver packets. Through the deployment of middleboxes, enterprise networks today provide improved security – e.g., filtering malicious content – and performance capabilities – e.g., caching frequently accessed content. Although middleboxes are deployed widely in enterprises, they bring with them many challenges: they are complicated to manage, expensive, prone to failures, and challenge privacy expectations. In this thesis, we aim to bring the benefits of cloud computing to networking. We argue that middlebox services can be outsourced to cloud providers in a similar fashion to how mail, compute, and storage are today outsourced. We begin by presenting APLOMB, a system that allows enterprises to outsource middlebox processing to a third party cloud or ISP. For enterprise networks, APLOMB can reduce costs, ease management, and provide resources for scalability and failover. For service providers, APLOMB offers new customers and business opportunities, but also presents new challenges. Middleboxes have tighter performance demands than existing cloud services, and hence supporting APLOMB requires redesigning software at the cloud. We re-consider classical cloud challenges including fault-tolerance and privacy, showing how to implement middlebox software solutions with throughput and latency 2-4 orders of magnitude more efficient than general-purpose cloud approaches.
BibTeX:
```
@thesis{sherry-phdthesis,
  author = {Sherry, Justine},
  title = {Middleboxes as a Cloud Service},
  school = {EECS Department, University of California, Berkeley},
  year = {2016},
  month = nov,
  number = {UCB/EECS-2016-165},
  award = {SIGCOMM Doctoral Dissertation Award}
}
```
Lan, C., Sherry, J., Popa, R. A., Ratnasamy, S., & Liu, Z. (2016). Embark: Securely Outsourcing Middleboxes to the Cloud. In Proceedings of the 13th USENIX Conference on Networked Systems Design and Implementation (NSDI) (pp. 255–273). Berkeley, CA, USA: USENIX Association. [pdf] [abstract] [bibtex]

Abstract: It is increasingly common for enterprises and other organizations to outsource network processing to the cloud. For example, enterprises may outsource firewalling, caching, and deep packet inspection, just as they outsource compute and storage. However, this poses a threat to enterprise confidentiality because the cloud provider gains access to the organization’s traffic. We design and build Embark, the first system that enables a cloud provider to support middlebox outsourcing while maintaining the client’s confidentiality. Embark encrypts the traffic that reaches the cloud and enables the cloud to process the encrypted traffic without decrypting it. Embark supports a wide-range of middleboxes such as firewalls, NATs, web proxies, load balancers, and data exfiltration systems. Our evaluation shows that Embark supports these applications with competitive performance.
BibTeX:
```
@inproceedings{lan-nsdi16,
  author = {Lan, Chang and Sherry, Justine and Popa, Raluca Ada and Ratnasamy, Sylvia and Liu, Zhi},
  title = {Embark: Securely Outsourcing Middleboxes to the Cloud},
  booktitle = {Proceedings of the 13th USENIX Conference on Networked Systems Design and Implementation (NSDI)},
  series = {NSDI'16},
  year = {2016},
  location = {Santa Clara, CA},
  pages = {255--273},
  numpages = {19},
  publisher = {USENIX Association},
  address = {Berkeley, CA, USA}
}
```
Panda, A., McCauley, J. M., Tootoonchian, A., Sherry, J., Koponen, T., Ratnasamy, S., & Shenker, S. (2016). Open Network Interfaces for Carrier Networks. Computer Communications Review (CCR), 46(1), 5–11. [pdf] [abstract] [bibtex]

Abstract: With the increasing prevalence of middleboxes, networks today are capable of doing far more than merely delivering packets. In fact, to realize their full potential for both supporting innovation and generating revenue, we should think of carrier networks as service-delivery platforms. This requires providing open interfaces that allow third-parties to leverage carrier-network infrastructures in building global-scale services. In this position paper, we take the first steps towards making this vision concrete by identifying a few such interfaces that are both simple-to-support and safe-to-deploy (for the carrier) while being flexibly useful (for third-parties).
BibTeX:
```
@article{panda-ccr16,
  author = {Panda, Aurojit and McCauley, James Murphy and Tootoonchian, Amin and Sherry, Justine and Koponen, Teemu and Ratnasamy, Sylvia and Shenker, Scott},
  title = {Open Network Interfaces for Carrier Networks},
  journal = {Computer Communications Review (CCR)},
  issue_date = {January 2016},
  volume = {46},
  number = {1},
  month = jan,
  year = {2016},
  pages = {5--11},
  numpages = {7},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {edge services, services}
}
```

Bailis, P., Sherry, J., & Peter, S. (2016). Introducing Research for Practice: NFV and Middleboxes. Queue. New York, NY, USA: ACM. [pdf] [bibtex]

BibTeX:

@misc{bailis-queue16,
  author = {Bailis, Peter and Sherry, Justine and Peter, Simon},
  title = {Introducing Research for Practice: NFV and Middleboxes},
  journal = {Queue},
  issue_date = {March-April 2016},
  volume = {14},
  number = {2},
  month = apr,
  year = {2016},
  pages = {70:76--70:90},
  articleno = {70},
  numpages = {15},
  publisher = {ACM},
  address = {New York, NY, USA}
}

2015

Sherry, J., Gao, P. X., Basu, S., Panda, A., Krishnamurthy, A., Maciocco, C., … Shenker, S. (2015). Rollback-Recovery for Middleboxes. In Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM) (pp. 227–240). New York, NY, USA: ACM. Awarded Best Student Paper. [pdf] [abstract] [bibtex]

Abstract: Network middleboxes must offer high availability, with automatic failover when a device fails. Achieving high availability is challenging because failover must correctly restore lost state (e.g., activity logs, port mappings) but must do so quickly (e.g., in less than typical transport timeout values to minimize disruption to applications) and with little overhead to failure-free operation (e.g., additional per-packet latencies of 10-100s of us). No existing middlebox design provides failover that is correct, fast to recover, and imposes little increased latency on failure-free operations. We present a new design for fault-tolerance in middleboxes that achieves these three goals. Our system, FTMB (for Fault-Tolerant MiddleBox), adopts the classical approach of "rollback recovery" in which a system uses information logged during normal operation to correctly reconstruct state after a failure. However, traditional rollback recovery cannot maintain high throughput given the frequent output rate of middleboxes. Hence, we design a novel solution to record middlebox state which relies on two mechanisms: (1) ’ordered logging’, which provides lightweight logging of the information needed after recovery, and (2) a ‘parallel release’ algorithm which, when coupled with ordered logging, ensures that recovery is always correct. We implement ordered logging and parallel release in Click and show that for our test applications our design adds only 30\mus of latency to median per packet latencies. Our system introduces moderate throughput overheads (5-30%) and can reconstruct lost state in 40-275ms for practical systems.
BibTeX:
```
@inproceedings{sherry-sigcomm15b,
  author = {Sherry, Justine and Gao, Peter Xiang and Basu, Soumya and Panda, Aurojit and Krishnamurthy, Arvind and Maciocco, Christian and Manesh, Maziar and Martins, Jo\~{a}o and Ratnasamy, Sylvia and Rizzo, Luigi and Shenker, Scott},
  title = {Rollback-Recovery for Middleboxes},
  booktitle = {Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '15},
  year = {2015},
  location = {London, United Kingdom},
  pages = {227--240},
  numpages = {14},
  publisher = {ACM},
  award = {Best Student Paper},
  address = {New York, NY, USA},
  keywords = {middlebox reliability, parallel fault-tolerance}
}
```
Jang, K., Sherry, J., Ballani, H., & Moncaster, T. (2015). Silo: Predictable Message Latency in the Cloud. In Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM) (pp. 435–448). New York, NY, USA: ACM. [pdf] [abstract] [bibtex]

Abstract: Many cloud applications can benefit from guaranteed latency for their network messages, however providing such predictability is hard, especially in multi-tenant datacenters. We identify three key requirements for such predictability: guaranteed network bandwidth, guaranteed packet delay and guaranteed burst allowance. We present Silo, a system that offers these guarantees in multi-tenant datacenters. Silo leverages the tight coupling between bandwidth and delay: controlling tenant bandwidth leads to deterministic bounds on network queuing delay. Silo builds upon network calculus to place tenant VMs with competing requirements such that they can coexist. A novel hypervisor-based policing mechanism achieves packet pacing at sub-microsecond granularity, ensuring tenants do not exceed their allowances. We have implemented a Silo prototype comprising a VM placement manager and a Windows filter driver. Silo does not require any changes to applications, guest OSes or network switches. We show that Silo can ensure predictable message latency for cloud applications while imposing low overhead.
BibTeX:
```
@inproceedings{jang-sigcomm15,
  author = {Jang, Keon and Sherry, Justine and Ballani, Hitesh and Moncaster, Toby},
  title = {Silo: Predictable Message Latency in the Cloud},
  booktitle = {Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '15},
  year = {2015},
  location = {London, United Kingdom},
  pages = {435--448},
  numpages = {14},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {guaranteed latency, latency SLA, network QoS, network calculus, traffic pacing}
}
```
Sherry, J., Lan, C., Popa, R. A., & Ratnasamy, S. (2015). BlindBox: Deep Packet Inspection over Encrypted Traffic. In Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM) (pp. 213–226). New York, NY, USA: ACM. [pdf] [abstract] [bibtex]
Press Coverage: The Morning Paper

Abstract: Many network middleboxes perform deep packet inspection (DPI), a set of useful tasks which examine packet payloads. These tasks include intrusion detection (IDS), exfiltration detection, and parental filtering. However, a long-standing issue is that once packets are sent over HTTPS, middleboxes can no longer accomplish their tasks because the payloads are encrypted. Hence, one is faced with the choice of only one of two desirable properties: the functionality of middleboxes and the privacy of encryption. We propose BlindBox, the first system that simultaneously provides both of these properties. The approach of BlindBox is to perform the deep-packet inspection directly on the encrypted traffic. BlindBox realizes this approach through a new protocol and new encryption schemes. We demonstrate that BlindBox enables applications such as IDS, exfiltration detection and parental filtering, and supports real rulesets from both open-source and industrial DPI systems. We implemented BlindBox and showed that it is practical for settings with long-lived HTTPS connections. Moreover, its core encryption scheme is 3-6 orders of magnitude faster than existing relevant cryptographic schemes.
BibTeX:
```
@inproceedings{sherry-sigcomm15a,
  author = {Sherry, Justine and Lan, Chang and Popa, Raluca Ada and Ratnasamy, Sylvia},
  title = {BlindBox: Deep Packet Inspection over Encrypted Traffic},
  booktitle = {Proceedings of the 2015 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '15},
  year = {2015},
  location = {London, United Kingdom},
  pages = {213--226},
  numpages = {14},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {middlebox privacy, network privacy, searchable encryption},
  press = {The Morning Paper}
}
```

2014

Mittal, R., Sherry, J., Ratnasamy, S., & Shenker, S. (2014). Recursively Cautious Congestion Control. In Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation (NSDI) (pp. 373–385). Berkeley, CA, USA: USENIX Association. [pdf] [abstract] [bibtex]

Abstract: TCP’s congestion control is deliberately cautious, avoiding network overloads by starting with a small initial window and then iteratively ramping up. As a result, it often takes flows several round-trip times to fully utilize the available bandwidth. In this paper we propose RC3, a technique to quickly take advantage of available capacity from the very first RTT. RC3 uses several levels of lower priority service and a modified TCP behavior to achieve near-optimal throughputs while preserving TCP-friendliness and fairness. We implement RC3 in the Linux kernel and in NS-3. In common wide-area scenarios, RC3 results in over 40% reduction in average flow completion times, with strongest improvements - more than 70% reduction in flow completion time - seen in medium to large sized (100KB - 3MB) flows.
BibTeX:
```
@inproceedings{mittal-nsdi14,
  author = {Mittal, Radhika and Sherry, Justine and Ratnasamy, Sylvia and Shenker, Scott},
  title = {Recursively Cautious Congestion Control},
  booktitle = {Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation (NSDI)},
  series = {NSDI'14},
  year = {2014},
  location = {Seattle, WA},
  pages = {373--385},
  numpages = {13},
  publisher = {USENIX Association},
  address = {Berkeley, CA, USA}
}
```

2013

Vulimiri, A., Godfrey, P. B., Mittal, R., Sherry, J., Ratnasamy, S., & Shenker, S. (2013). Low Latency via Redundancy. In Proceedings of the Ninth ACM Conference on Emerging Networking Experiments and Technologies (CoNEXT) (pp. 283–294). New York, NY, USA: ACM. [pdf] [bibtex]

BibTeX:

@inproceedings{vulmiri-conext13,
  author = {Vulimiri, Ashish and Godfrey, Philip Brighten and Mittal, Radhika and Sherry, Justine and Ratnasamy, Sylvia and Shenker, Scott},
  title = {Low Latency via Redundancy},
  booktitle = {Proceedings of the Ninth ACM Conference on Emerging Networking Experiments and Technologies (CoNEXT)},
  series = {CoNEXT '13},
  year = {2013},
  location = {Santa Barbara, California, USA},
  pages = {283--294},
  numpages = {12},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {latency, performance, reliability}
}

Mittal, R., Sherry, J., Ratnasamy, S., & Shenker, S. (2013). How to Improve Your Network Performance by Asking Your Provider for Worse Service. Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks (HotNets). New York, NY, USA: ACM. [pdf] [bibtex]

BibTeX:

@workshop{mittal-hotnets13,
  author = {Mittal, Radhika and Sherry, Justine and Ratnasamy, Sylvia and Shenker, Scott},
  title = {How to Improve Your Network Performance by Asking Your Provider for Worse Service},
  booktitle = {Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks (HotNets)},
  series = {HotNets-XII},
  year = {2013},
  location = {College Park, Maryland},
  pages = {25:1--25:7},
  articleno = {25},
  numpages = {7},
  publisher = {ACM},
  address = {New York, NY, USA}
}

2012

Sherry, J., Kim, D. C., Mahalingam, S. S., Tang, A., Wang, S., & Ratnasamy, S. (2012). Netcalls: End Host Function Calls to Network Traffic Processing Services (UCB/EECS-2012-175). UC Berkeley, Department of Electrical Engineering and Computer Sciences. [pdf] [abstract] [bibtex]

Abstract: Function calls are a basic primitive by which applications invoke services from external entities. In this paper, we propose “network calls” (netcalls), a general primitive to invoke advanced traffic processing services – such as firewalling or caching – from the network. We design and implement the netcalls API and a backend architecture to support netcalls, allowing end host applications to interact with services not only in their own access network, but any network their traffic traverses. Demonstrating the utility of netcalls, we built three applications to invoke netcalls, along with corresponding network services: interdomain firewalling for DDoS defense,‘opportunistic’ traffic compression, and intrusion detection for mobile phones.
BibTeX:
```
@techreport{sherry-techreport12,
  title = {Netcalls: End Host Function Calls to Network Traffic Processing Services},
  author = {Sherry, J. and Kim, D. C. and Mahalingam, S. S. and Tang, A. and Wang, S. and Ratnasamy, S.},
  institution = {UC Berkeley, Department of Electrical Engineering and Computer Sciences},
  year = {2012},
  type = {UCB/EECS-2012-175}
}
```
Sherry, J. (2012). Future Architectures for Middlebox Processing Services on the Internet and in the Cloud. EECS Department, University of California, Berkeley. [pdf] [abstract] [bibtex]

Abstract: Middleboxes, such as caches, firewalls, and intrusion detection systems, form a vital part of network infrastructure today. Administrators deploy middleboxes in diverse scenarios from enterprise networks, to datacenters, to access networks. However, middleboxes are universally deployed under what we call the ‘unilateral model’, where middleboxes are deployed and configured by administrators alone, for the benefit of hosts in a single domain alone. In this thesis, we present two new deployment models for middleboxes which offer new capabilities for middlebox usage as well as new business models for middlebox deployment. Netcalls is an extension to the Internet architecture that allows end host applications to invoke and configure middleboxes in any network their traffic traverses; for example, we present a web server that invokes inter-domain DDoS defense when it detects that it is under attack. APLOMB is a system that allows enterprise networks (as well as individual end hosts) to tunnel their traffic to and from a cloud service that applies middlebox processing to their traffic, avoiding the costly and management-intensive burden of administering middleboxes in a local network. Netcalls and APLOMB allow ISPs and cloud providers (respectively) to monetize their deployment of middleboxes by offering them as a service to third-party clients; all the while presenting new capabilities, in the case of netcalls by enabling application interaction and in the case of APLOMB by providing better scalability and easier management. We discuss both of these proposals and their benefits in detail; we then discuss challenges and opportunities towards their deployment and adoption.
BibTeX:
```
@thesis{sherry-mastersthesis,
  author = {Sherry, Justine},
  title = {Future Architectures for Middlebox Processing Services on the Internet and in the Cloud},
  school = {EECS Department, University of California, Berkeley},
  year = {2012},
  month = dec,
  number = {UCB/EECS-2012-240}
}
```

Sherry, J., Hasan, S., Scott, C., Krishnamurthy, A., Ratnasamy, S., & Sekar, V. (2012). Making Middleboxes Someone Else’s Problem: Network Processing As a Cloud Service. In Proceedings of the 2012 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM) (pp. 13–24). New York, NY, USA: ACM. [pdf] [bibtex]

BibTeX:

@inproceedings{sherry-sigcomm12,
  author = {Sherry, Justine and Hasan, Shaddi and Scott, Colin and Krishnamurthy, Arvind and Ratnasamy, Sylvia and Sekar, Vyas},
  title = {Making Middleboxes Someone Else's Problem: Network Processing As a Cloud Service},
  booktitle = {Proceedings of the 2012 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM)},
  series = {SIGCOMM '12},
  year = {2012},
  isbn = {978-1-4503-1419-0},
  location = {Helsinki, Finland},
  pages = {13--24},
  numpages = {12},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {cloud, middlebox, outsourcing}
}

Rao, A., Choffnes, D., Sherry, J., Legaut, A., Krishnamurthy, A., & Dabbous, W. (2012). Meddle: Middleboxes for Increased Transparency and Control of Mobile Traffic. CoNEXT 2012 Student Workshop. New York, NY, USA: ACM. Awarded Best Paper. [pdf] [bibtex]

BibTeX:

@workshop{rao-conextstudent12,
  author = {Rao, A. and Choffnes, D. and Sherry, J. and Legaut, A. and Krishnamurthy, A. and Dabbous, W.},
  title = {Meddle: Middleboxes for Increased Transparency and Control of Mobile Traffic},
  booktitle = {CoNEXT 2012 Student Workshop},
  year = {2012},
  publisher = {ACM},
  address = {New York, NY, USA},
  award = {Best Paper}
}

2010

Katz-Bassett, E., Madhyastha, H. V., Adhikari, V. K., Scott, C., Sherry, J., Van Wesep, P., … Krishnamurthy, A. (2010). Reverse Traceroute. In Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation (NSDI) (pp. 15–15). Berkeley, CA, USA: USENIX Association. Awarded Best Paper. [pdf] [bibtex]

BibTeX:

@inproceedings{katzbassett-nsdi10,
  author = {Katz-Bassett, Ethan and Madhyastha, Harsha V. and Adhikari, Vijay Kumar and Scott, Colin and Sherry, Justine and Van Wesep, Peter and Anderson, Thomas and Krishnamurthy, Arvind},
  title = {Reverse Traceroute},
  booktitle = {Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation (NSDI)},
  series = {NSDI'10},
  year = {2010},
  location = {San Jose, California},
  pages = {15--15},
  numpages = {1},
  publisher = {USENIX Association},
  address = {Berkeley, CA, USA},
  award = {Best Paper}
}

Sherry, J., Katz-Bassett, E., Pimenova, M., Madhyastha, H. V., Anderson, T., & Krishnamurthy, A. (2010). Resolving IP Aliases with Prespecified Timestamps. In Proceedings of the 2010 ACM SIGCOMM Conference on Internet Measurement (IMC) (pp. 172–178). New York, NY, USA: ACM. [pdf] [bibtex]

BibTeX:

@inproceedings{sherry-imc10,
  author = {Sherry, Justine and Katz-Bassett, Ethan and Pimenova, Mary and Madhyastha, Harsha V. and Anderson, Thomas and Krishnamurthy, Arvind},
  title = {Resolving IP Aliases with Prespecified Timestamps},
  booktitle = {Proceedings of the 2010 ACM SIGCOMM Conference on Internet Measurement (IMC)},
  series = {IMC '10},
  year = {2010},
  isbn = {978-1-4503-0483-2},
  location = {Melbourne, Australia},
  pages = {172--178},
  numpages = {7},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {alias resolution, ip options, ip timestamp}
}

Sherry, J. (2010). Applications of the IP Timestamp Option to Internet Measurement. Computer Science & Engineering, University of Washington. Awarded CSE Best Senior Thesis. [pdf] [abstract] [bibtex]

Abstract: Limited support and inconsistent behavior for IP options has led to the common belief that most options cannot be useful. IP timestamp was no exception, until recently, when prespecified IP timestamp measurements were successfully integrated into the Reverse traceroute system. Prespecified timestamps allow the sender to request a series of up to four timestamps from all routers which may receive the packet. Each machine that receives a timestamp probe checks to see whether the next, unstamped IP address matches its own, and if so, provides a timestamp. In this paper, we provide a more extended argument for the role of prespecified timestamps in the measurement toolkit, and demonstrate two new practical use cases for timestamp measurements. We discover over 47% of ICMP ping-responsive routers in our sample support timestamp options, and both document and suggest methods for dealing with some of the differences between implementations of the timestamp option. Where supported, timestamp probes can take advantage of several attributes uncharacteristic of other common measurement tools: a view of the complete path the probe takes, combined responses from up to four requested addresses, and timestamp values from each responsive address. Illustrating these characteristics, we provide several use cases for timestamp probes. First, we describe how timestamps are integrated into the Reverse traceroute system, discovering routers on the path taken from a destination back to the requesting source. Next, we confirm IP aliases by combining multiple timestamp requests for candidate alias pairs in the same probe. In our application, we identify thousands of alias clusters currently unaddressable by the leading alias resolution technique. As our final use case, we apply the literal timestamp values to assessing one-way link delay. With this technique, we measure the delay between backbone PoPs on the Internet2 network with values comparable to those discovered through measurements at the source.
BibTeX:
```
@thesis{sherry-bsthesis,
  author = {Sherry, Justine},
  title = {Applications of the IP Timestamp Option to Internet Measurement},
  school = {Computer Science & Engineering, University of Washington},
  month = mar,
  year = {2010},
  award = {CSE Best Senior Thesis}
}
```

2009

Sherry, J. (2009). Unlocking the Potential of Cell Phones. In ’From the Bottom Up: Rethinking United States Development Assistance’. Editors S. Arbogast, A. O’Leary, W. Latsch. Jackson School of International Studies, University of Washington. [pdf] [abstract] [bibtex]

Abstract: The rapid rise of mobile phone use in poor countries is well known as an exemplary case of a technology enabling bottom-up empowerment through information access, driven by smallmargin business and end-user innovation. While many are not mobile phone owners themselves, few today face a several mile walk to access an often-disconnected landline phone for communication, which was a regular occurrence only ten years ago. But even as some marvel at the rapid changes brought about by mobile phone use, a second generation boom is already occurring, developing innovative applications for the now widespread mobile phone platform. Building off this new connectivity, there are new programs aiming to provide public information access, data storage and accounting, and even mobile banking, mostly utilizing only the cheapest phone models. Whether for-profit or as charity, these applications are seen by many as the next step in leveraging the power of mobile phone diffusion to provide information access cheaply and efficiently to the world’s poorest. While some may see this new movement as over-exuberant, high-profile new programs are being driven by enthusiasts representing the technology industry, academic research groups, and international aid organizations. As a result, the future of mobile phone applications, as well as most technology in development, is relevant to business and trade policy, research investment, as well as traditional development aid programs.
BibTeX:
```
@thesis{sherry-bsthesis2,
  author = {Sherry, Justine},
  title = {Unlocking the Potential of Cell Phones},
  pages = {200-321},
  school = {In 'From the Bottom Up: Rethinking United States Development Assistance'. Editors S. Arbogast, A. O'Leary, W. Latsch. Jackson School of International Studies, University of Washington},
  month = mar,
  year = {2009}
}
```