| 1 | Welcome | Dirk Kutscher | 05 min |
| 2 | ANRP Talk: A Formal Analysis of SCTP | Jacob Ginesin | 35 min |
| 3 | ANRP Talk: Host Congestion Control | Saksham Agarwal | 35 min |
| 4 | Invited Talk: Low Orbit, High Impact: What We’ve Learned for Netflix Streaming over LEO | Renata Teixeria | 40 min |
| 4 | Wrap-Up | Dirk Kutscher | 05 min |
Please remember that all sessions are being recorded.
Jake Ginesin, Carnegie Mellon University
Jacob Ginesin is a first-year PhD student at Carnegie Mellon
University advised by Bryan Parno, and a cryptographic auditor at
Cure53. He studies formal verification, cryptography, and
programming languages, with a focus on real-world protocols. He
recently completed his undergraduate degree in mathematics at
Northeastern University, where he was advised by Cristina
Nita-Rotaru.
Jacob Ginesin, Max von Hippel, Evan Defloor, Cristina Nita-Rotaru, ann d Michael Tüxen. A Formal Analysis of SCTP: Attack Synthesis and Patch Verification; Proceedings of the USENIX Security Symposium, 2024.
SCTP is a transport protocol offering features such as multi-homing,
multi-streaming, and message-oriented delivery. Its two main
implementations were subjected to conformance tests using the
PacketDrill tool. Conformance testing is not exhaustive and a recent
vulnerability (CVE-2021-3772) showed SCTP is not immune to
attacks. Changes addressing the vulnerability were implemented, but
the question remains whether other flaws might persist in the protocol
design.
We study the security of the SCTP design, taking a rigorous approach
rooted in formal methods. We create a formal Promela model of SCTP,
and define 10 properties capturing the essential protocol
functionality based on its RFC specification and consultation with the
lead RFC author. Then we show using the SPIN model checker that our
model satisfies these properties. We next define 4 representative
attacker models – Off-Path, where the attacker is an outsider that can
spoof the port and IP of a peer; Evil-Server, where the attacker is a
malicious peer; Replay, where an attacker can capture and replay, but
not modify, packets; and On-Path, where the attacker controls the
channel between peers. SCTP was designed to be secure against Off-Path
attackers, and we study the additional models in order to understand
how its security degrades for successively more powerful attacker
types. We modify an attack synthesis tool designed for transport
protocols, KORG, to support our SCTP model and 4 attacker models.
We synthesize the vulnerability reported in CVE-2021- 3772 in the
Off-Path attacker model, when the patch is disabled, and we show that
when enabled, the patch eliminates the vulnerability. We also manually
identify two ambiguities in the RFC, and using KORG, we show that
each, if misinterpreted, opens the protocol to a new Off-Path
attack. We show that SCTP is vulnerable to a variety of attacks when
it is misused in the Evil-Server, Replay, or On-Path attacker models
(for which it was not designed). We discuss these and, when possible,
mitigations thereof. Finally, we propose two RFC errata – one to
eliminate each ambiguity – of which so far, the SCTP RFC committee has
accepted one.
Saksham Agarwal, University of Illinois Urbana-Champaign
Saksham Agarwal is an Assistant Professor in the Department of
Electrical and Computer Engineering at the University of Illinois
Urbana-Champaign. He did his Ph.D at Cornell University and his
undergraduate studies at IIT Kanpur, India. He is a recipient of
SIGCOMM Dissertation Award, Cornell CS Dissertation Award, SIGCOMM
Best Student Paper Awards (in 2024 and 2018), Google Research
Scholar Award, Google PhD Fellowship, and Cornell University
Fellowship. His research interests broadly lie at the intersection
of computer networking, systems, and architecture.
Saksham Agarwal, Arvind Krishnamurthy, and Rachit Agarwal. Host Congestion Control. Proceedings
of the ACM SIGCOMM Conference, 2023.
The conventional wisdom in systems and networking communities is that
congestion happens primarily within the network fabric. However,
adoption of high-bandwidth access links and relatively stagnant
technology trends for resources within hosts have led to emergence of
host congestion---that is, congestion within the host network that
enables data exchange between NIC and CPU/memory. Such host congestion
alters the many assumptions entrenched within decades of research and
practice of congestion control.
We present hostCC, a congestion control architecture to handle both
host and network fabric congestion. hostCC embodies three key
ideas. First, in addition to congestion signals that originate within
the network fabric, hostCC collects host congestion signals that
capture the precise time, location, and reason for host
congestion. Second, hostCC introduces a sub-RTT granularity host-local
congestion response that uses congestion signals to allocate host
resources between network traffic and host-local traffic. Finally,
hostCC uses both host and network congestion signals to allocate
network resources at an RTT granularity.
We realize hostCC within the Linux network stack. Our hostCC
implementation requires no modifications in applications, host
hardware, and/or network hardware; moreover, it can be integrated with
existing congestion control protocols to handle both host and network
fabric congestion. Evaluation of Linux DCTCP with and without hostCC
suggests that, in the presence of host congestion, hostCC
significantly reduces queueing and packet drops at the host, resulting
in improved performance of networked applications in terms of
throughput and tail latency.
Renata Teixeria, Netflix
Renata Teixeira is a Staff Research Scientist on the Streaming
Algorithms team at Netflix. She earned a Ph.D. in Computer Science
from UC San Diego in 2005, conducting research on Internet routing
at AT&T Research. From 2006 to 2013 she was a researcher at
CNRS/LIP6 (UPMC Sorbonne Universités) in Paris, and from 2013 to
2020 a Director of Research at Inria Paris. She was a visiting
scholar at UC Berkeley/ICSI (2011) and Stanford University
(2018–2020). Her work focuses on quality of experience and the
measurement, analysis, and management of data networks. She is an
ACM Distinguished Member, received the ACM IMC Test of Time Award in
2022 for Paris traceroute, and was recognized in 2017 as an N2Women
“Star in Computer Networking and Communications.”
Liz Izhikevich, Reese Enghardt, Te-Yuan Huang, and Renata Teixeira. 2025. A Global Perspective on the Past, Present, and Future of Video Streaming over Starlink. SIGMETRICS Perform. Eval. Rev. 53, 1 (June 2025), 181–182. https://doi.org/10.1145/3744970.3727268
Low Earth Orbit (LEO) Satellite Networks bring broadband to new
places—and new challenges to streaming. Netflix measurements from
millions of households in 147 countries show that LEO now represents a
meaningful share of global streaming traffic. Overall quality can
match terrestrial access, yet rapid throughput swings and packet‑loss
bursts increase bitrate switches and stall risk. We characterize these
effects and LEO’s growing role in video delivery, map the tradeoffs
for transport and adaptive bitrate algorithms, and outline priorities
for future work on Low Earth Orbit streaming.
This talk builds on our SIGMETRICS 2025 study, “A Global Perspective
on the Past, Present, and Future of Video Streaming over Starlink”
(https://dl.acm.org/doi/10.1145/3726854.3727268), in collaboration
with Liz Izhikevich (UCLA), Reese Enghardt (Netflix), and Te‑Yuan
Huang (Netflix).