Six Applied Networking Research Prizes Awarded for 2023

Winners of the award are given the opportunity to present and discuss their work with the engineers, network operators, policy makers and scientists who participate in the IETF and IRTF. The ANRP is supported by the Internet Society, with additional sponsorship from Comcast and NBC Universal.

The 2023 award winners, announced Jan. 9, are:

Simon Scherrer for “Model-Based Insights on the Performance, Fairness, and Stability of BBR”

The research from Scherrer and colleagues focuses on Google’s BBR algorithm, a congestion-control algorithm with an estimated adoption of 40 percent of downstream Internet traffic. With several arguably problematic BBR features discovered, Scherrer’s research presents the first fluid model for BBR, enabling efficient simulations for a wide variety of network settings. A fluid model also allows a theoretical investigation of transient properties of the congestion-control algorithm.

The analysis in the paper not only confirms previously documented issues with BBR, but also enables new insights into the algorithm behavior, according to Scherrer, a Ph.D. student in the Network Security Group at ETH Zurich.

Boris Pismenny for “Autonomous NIC Offloads”

The research from Pismenny and colleagues focuses on offloading layer-5 protocol computation over TCP to network interface cards (NICs). NICs routinely offload layer-4 processing tasks such as checksum and segmentation without offloading all layer-4 functionality. But, layer-5 protocol computation offload depends on offloading all the underlying protocols: TCP, IP, routing, firewall, etc.

"Autonomous NIC offloads" eliminate offload dependence by providing a lightweight software-hardware interface that accelerates layer-5 protocol computations without migrating the entire TCP/IP stack to the NIC. Autonomous TLS offload is already supported on Linux and FreeBSD, and autonomous NVMe-TCP offload is coming soon.

The paper analyses the applicability of autonomous offloads to additional protocols and computations, says Pismenny, a Ph.D. student at the Technion – Israel Institute of Technology’s computer science department in Haifa and a Principal Software Architect at NVIDIA.

Siva Kakarla for “SCALE: Automatically Finding RFC Compliance Bugs in DNS Nameservers”

Kakarla and his colleagues introduce the first approach for finding RFC compliance errors in DNS nameserver implementations through automatic test generation. The group’s SCALE (Small-scope Constraint-driven Automated Logical Execution) approach generates high-coverage tests for covering RFC behaviors.

The researchers built a DNS testing tool called Ferret based on the SCALE approach and applied it to test eight open-source DNS nameserver implementations. Ferret generated over 13,000 test zone files and queries, and 62 percent resulted in some difference among implementations. The group identified and reported 30 new unique bugs from these failed test cases, including at least one bug in every implementation, and most have since been fixed, according to Kakarla, a senior researcher at Microsoft Networking research group.

Dennis Trautwein for “Design and Evaluation of IPFS: A Storage Layer for the Decentralized Web”

Trautwein and his fellow researches evaluate the performance of the InterPlanetary FileSystem (IPFS), which was created in response to growing consolidation of Web operations. While the majority of Web traffic originates from a few organisations, a platform like IPFS provides distributed data storage and delivery services.

IPFS is an open-source, content-addressable peer-to-peer network that already has millions of daily content retrievals and underpins dozens of third-party applications. The paper evaluates the performance of IPFS by introducing a set of complementary measurement methodologies. The research reveals a presence of IPFS nodes in more than 2,700 autonomous systems and 152 countries, with the majority operating outside large central cloud providers like Amazon or Azure, says Trautwein, a research engineer at Protocol Labs.

Arthur Selle Jacobs for “AI/ML for Network Security: The Emperor has No Clothes”

Jacobs and a group of researchers look at recent research efforts that propose machine-learning-based solutions that can detect complex patterns in measured network traffic for a wide range of network security problems. These machine learning models, however, are typically "black-box" in nature, don't disclose how they make their decisions, and network operators tend to be reluctant to trust and deploy them in their production settings.

This distrust is fully justified because these models are known to be prone to the problem of underspecification, the failure to specify a model in adequate detail. Using a novel framework called Trustee, the paper focuses on explaining how black-box models make their decisions by synthesizing high-fidelity and low-complexity decision trees that network operators can use to determine if their machine learning models suffer from underspecification, says Jacobs, who recently earned a Ph.D. in computer science from the Federal University of Rio Grande do Sul.

Ram Sundara Raman for “Network Measurement Methods for Locating and Examining Censorship Devices”

Sundara Raman and colleagues, working with the Citizen Lab, demonstrate robust, general-purpose methods to understand various aspects of Internet censorship devices, by studying devices deployed in Azerbaijan, Belarus, Kazakhstan, and Russia. The research develops a censorship traceroute method, CenTrace, that automatically identifies the network location of censorship devices. 

To collect more features about the devices themselves, the team built a censorship fuzzer, CenFuzz, that uses various HTTP request and TLS Client Hello fuzzing strategies to examine the rules and triggers of censorship devices, says Sundara Raman, a Ph.D. student at the University of Michigan and lead developer at the Censored Planet observatory