Eric Keller

Associate Professor at the University of Colorado, Boulder

About


I am an Associate Professor in the ECEE Department at the University of Colorado, and co-founder and CTO of Stateless. At the beginning of the Fall 2021 semester, I returned from a two-year leave from CU, but I still actively participate in the management of Stateless (as allowed under policy at CU). I am actively looking for PhD students to join my group. My research interests are elaborated below, but in general, my students are interested in systems programming. Entrepreneurial interest is a bonus -- I believe systems research and entrepreneurship go hand-in-hand, and find it a great avenue for students to pursue.

I received my Ph.D. in 2011 from the Electrical Engineering department at Princeton University advised by Jennifer Rexford in the Computer Science department. I was supported by an Intel Ph.D. Fellowship. After Princeton, I spent a year as a post-doc in the Computer and Information Science department at the University of Pennsylvania, working with Jonathan Smith.

Research Statement (2024)

CV (2024)

  • eric.keller@colorado.edu
  • ECCR 1B15
  • 303-492-0125

Interests


Networking

Security

I design and build secure and reliable networked systems using a cross-layer approach that draws from networking, operating systems, distributed systems, and computer architecture. My approach is to challenge existing assumptions – rather than solving a problem on top of the system, I look to change the system to make the problem go away fundamentally. With this, a cross-layer approach is central to my research as any given solution might straddle several of these areas.

Programmable Infrastructure

My research introduces new systems, algorithms, and abstractions to enable a more manageable network and computing infrastructure. This is rooted in the fact that a significant portion of security and reliability issues are often a result of limitations in the management of networked systems. My research has been enabling and capitalizing on a more dynamic and programmable computing and network infrastructure, via such technologies as virtualization, software-defined networking, and the movement toward cloud based services.

Change the assumptions

Entrepreneurship


Stateless - Stateless was founded in 2016 with the mission of making even the most sophisticated and dynamic networks dead simple to manage. After years working together, Murad Kablan and I formed the company as a spin-off of our research at CU (see our NSDI 2017 paper). Our technology addresses the root of the problem which prevents networks from achieving true agility -- state. Find an overview of the company on our website.

Status: Active. Raised $20M+ in VC funding from Foundry Group, Drive Capital, and Speed Invest, and $1.7M in grants from the NSF (SBIR) and State of Colorado (OEDIT AIA)

Clear Creek Networks - Along with two M.S. students, I co-founded CCN in 2013 to bring software-defined networking technology to the next generation electrical grid -- addressing the disconnect between the power engineers and the network engineers. Ultimately we were unable to break through in this industry. Key lessons: need to investigate product-market fit more aggressively up front; trust between co-founders is critical.

Status: Dissolved

Programs participated in:

  • Techstars
  • Catalyze CU-Boulder
  • New Venture Challenge Boulder
  • I-Corps
  • Surge Accelerator

Students


Current:

Maziyar Nazari

PhD CS (expected 2024)

Erika Hunhoff

PhD CS (expected 2024) (co-advised with Eric Rozner)

Bashayer Alharbi

PhD CS (expected 2026)

Dustin Hooks

PhD CS (expected 2027)

Shirin Ebadi

PhD ECEE (expected 2027)

Giulio Sidoretti

PhD (Visiting from Univ. of Rome Tor Vergata)

Alumni:

Karl Olson, 2024

Ph.D. in CS - Where is the Incentive? Rethinking Approaches to Security in Networks.
First job -- US Military Academy/Army Cyber Institute

Greg Cusack, 2022

Ph.D. in ECEE - Enabling Application-Specific Programmable Compute Infrastructure.
First job -- Solana

Marcelo Abranches, 2022

Ph.D. in ECEE - Synergistic Server-Based Network Processing Stack.
First job -- CGU (in Brazil)

Sepideh Goodarzy, 2022

Ph.D. in CS (co-advised with Rick Han) - SmartOS: Automating Allocation of Operating System Resources to User Preferences via Reinforcement Learning.
First job -- Google

Albert Vilardell Barnosell, 2022

B.S. in CS from UPC (thesis work done at CU as visiting student) (co-advised with Tamara Lehman) - Virtualization of programmable switches on top of an FPGA board.

Mohammad Hashemi, 2021

Ph.D. in CS - Detecting Anomalies in Network Systems by Leveraging Neural Networks.
First job -- Data Scientist at Illumina

Azzam Alsudais, 2020

Ph.D. in CS - Efficient Approaches for Homing Complex Network Services.
First job -- Assistant professor at King Saud University (Computer Science Department)

Oliver Michel, 2019

Ph.D. in CS - Packet-Level Network Telemetry and Analytics.
First job -- Cloud Architect at TourRadar, then post-doc at Univ of Vienna

Aimee Coughlin, 2018

Ph.D. in ECEE - Enabling User Space Secure Hardware.
First job -- Security Engineer at Facebook

Murad Kablan, 2017

Ph.D. in Computer Science - StatelessNF: A Disaggregated Architecture for Network Functions.
First job -- CEO and co-founder Stateless

Edgar González Quevedo, 2017

M.S. from UPC (thesis work done at CU as visiting student) - Analysis, experimentation and improvement of a system of "Crowdsourced" home cyber security.

Anurag Dubey, 2017

M.S. in ECEE - Timing and Latency Characteristics in Disaggregated Systems.
First job -- Xilinx

Ali Ismail, 2015

M.S. in ECEE - Cloud RTR: Cloud Infrastructure for Apps with Hardware.
First job -- Synchroness

Ryan Hand, 2014

M.S. in Computer Science - Toward An Active Network Security Architecture.
First job -- Instructor USMA

Matt Monaco, 2013

M.S. in Computer Science - A Filesystem Abstraction for Multiple Actors in a Distributed Software Defined Network.
First job -- Google

MS (non-thesis): Dwight Browne (2023), Chethan Kavaraganahalli Prasanna (2023), Akshay Abhyankar (2023), Sreeram Ganesan (2023), Sachin Sharma (2023), Rajeev Menon (2023), Swaminathan Sriram (2022), Evan Braun (2022), George Nsude (2022), Prerit Oberai (2019), Bharat Nallan (2017), Kelly Kaoudis (2015).

M.S. -- each was a contributing research member of my research group, whether through an official means such as an Independent Study, or by unofficially contributing to a project on their own.

Undergraduates (non-thesis): Alex Tsankov (AY 2014-15), Sean Lambert (AY 2015-16), Ji-hoon Kim (AY 2015-16), Yiming Wang (AY 2016-17), Jeffery Lim (AY 2016-17), Pranav Subramanian (AY 2021-22)

B.S. -- each performed undergraduate research as part of programs like the discovery learning apprenticeship (DLA).

Funding


logo of NSF

CNS Core: Small: Transparent Network Acceleration

Role: PI

Dates: 2023-2026

Award: $604,728 (total)

Collaborators: Tamara Lehman

With the increase in connected devices comes an increase in network traffic. Applications that we use every day, such as video conferencing, each need to have traffic processed to secure and optimize the application. Current network infrastructure is showing signs that in the near future it won't be able to keep up with the growing demand or increased needs, such as having higher definition video calls with more participants and imperceptible delays in the communication. While some solutions have been proposed to help solve this problem, they do so at the cost of compatibility, which would require rewriting a large body of software that has been developed and tested over the course of over a decade. This proposal introduces a new way of thinking about the way network traffic is handled that will enable both forward and backwards compatibility with modern software while meeting the needs of applications.

In particular, this proposal introduces Transparent Network Acceleration (TNA), which is a novel architecture that decomposes Linux network functionality into fast-path and slow-path functions with explicitly optimized execution environments for each. TNA dynamically and automatically builds a minimal fast path that is instantiated and adjusted at run-time, leading to a transparently accelerated networking stack that fully retains the Linux networking interfaces. Two core mechanisms are introduced. First, to create a highly efficient fast path, TNA automatically and dynamically instantiates only the part of the network stack that is used. New techniques are introduced to introspect the Linux kernel, build a dependency graph of functions, and assemble and deploy an optimal fast path. Second, it targets two fast-path execution environments from a single source code description of modules: (i) the eXpress Data Path (XDP), for in-kernel processing, and (ii) a field programmable gate array (FPGA) based SmartNIC, for hardware accelerated processing. As part of these targets, the design of modules, the compilation to hardware or software, and synchronizing the state represent a novel and complete design flow. In order to demonstrate the effectiveness of these two core mechanisms, we complete the project with a case study of automatically accelerating a selective forwarding unit (SFU) video conferencing network function deployed with considerations such as firewalling and container networking.

NSF Convergence Accelerator Track G: 5G Hidden Operations through Securing Traffic (GHOST) Phase 2

Role: co-PI

Dates: 2023-2025

Award: $4,983,234 (total)

Collaborators: Keith Gremban (PI), Alexandra Siegel, Tamara Lehman, Salvador D'Itri

The proliferation of 5G networks around the world presents an attractive opportunity for U.S. government organizations, nongovernmental humanitarian aid organizations, and private sector enterprises to eliminate the costs of installing and maintaining an alternate communications infrastructure by making use of indigenous 5G networks. However, in many areas of the world, 5G networks are deployed and operated by organizations that are untrusted and potentially hostile to the U.S. In these environments, new security technologies are needed to secure operations. While 5G encrypts data packets and subscriber IDs, analysis of network activity can reveal detailed information about individuals and groups. For example, pattern-of-life analysis can be used to identify and track users. Similarly, traffic analysis can reveal details of an organization's structure and operations. The 5G Hidden Operations through Securing Traffic (GHOST) project provides four additional layers of security to protect against these threats. First, GHOST protects individuals by swapping subscriber and device IDs, along with usage patterns, or personas. Second, GHOST prevents traffic analysis by introducing ghost users and ghost traffic into the network to obscure real activity. Third, the GHOST project further frustrates traffic analysis by injecting "false flag" traffic that models real events and operations. Finally, GHOST secures devices at the hardware level by locating GHOST software inside Trusted Execution Environments (TEEs). The GHOST technology will enable organizations to securely operate over foreign 5G networks, regardless of the politics of the network operators.

GHOST addresses threats that cannot be countered by traditional cyber security solutions. The GHOST project will demonstrate an integrated solution on a real 5G network and evaluate GHOST effectiveness in multiple operational scenarios. The GHOST project will yield four major intellectual benefits to the research and operational communities. (i) First, the GHOST project will deliver technology to anonymize or disguise end-user identities and their association with locations and communications endpoints. End-user identities will be protected by dynamically allocating software defined credentials and associated software defined personas. Associations with locations are protected by correlating movement history with compromising patterns of movement. Communications connections are protected by peer-to-peer anonymization. (ii) Second, the GHOST project will deliver technology to overlay normal network activity with ghost activity to obfuscate traffic analysis and hide regular patterns of activity or changes in activity. (iii) Third, the GHOST project will deliver technology to model, generate, and inject "false flag" traffic into the network to make it appear to a network analyst that a real event is occurring at a particular location. (iv) Fourth, the GHOST project will deliver technology that will protect end-user devices and non-indigenous networking equipment from penetration and compromise through the use of TEEs. The idea behind a TEE is that no software, privileged or not, should be able to access or modify protected data. TEEs enable the process of attestation of both the hardware and the software. The GHOST software will run inside the TEE to be able to attest to the security of the protocol and protect it in case of capture.

GHOST technology will benefit end-users of any untrusted network, not just untrusted 5G networks. The primary criteria for success of the GHOST project will be: (i) Prevention of identification and tracking of individuals by a network operator. (ii) Inability of a network analyst to determine regular activity patterns, or significant changes in activity. (iii) Misleading a network analyst by injection of "false flag" activity. (iv) GHOST software deployment in TEEs with no observable degradation in device performance.

Past:

NSF Convergence Accelerator Track G: 5G Hidden Operations through Securing Traffic (GHOST)

Role: co-PI

Dates: 2022-2024

Award: $749,186 (total)

Collaborators: Keith Gremban (PI), Alexandra Siegel, Tamara Lehman, Salvador D'Itri

SDI-CSCS: S2OS - Enabling Infrastructure-Wide Programmable Security with SDI

Role: co-PI

Collaborators: Guofei Gu (PI), Hongxin Hu, Zhiqiang Lin, Don Porter

Dates: 2017-2021

Award: $3M (total) $599,489 (Colorado)

I-Corps: Elastic Network Infrastructure

Role: PI

2016-2018

$50,000 (total)

TWC: Medium: Active Security

Role: PI

Collaborators: Adam Aviv, Jonathan M. Smith

2014-2018

$1.2M (total), $746,537 (Colorado)

XPS: SDA: Elasticizing the Linux Operating System for the Cloud

Role: co-PI

Collaborators: Richard Han (Colorado)

2013-2018

$749,992

NeTS: Small: Liquid Networking

Role: PI (sole)

Active: 2013-2017

Amount: $500,000

Research Gift

Role: PI (sole)

Active: One time gift in 2012

Teaching


Computer Organization (ECEN 3593 / CSCI 4593)

Spring 2023

Advanced Network Systems (ECEN 5565 / CSCI 7000)

Fall 2022

Computer Organization (ECEN 3593 / CSCI 4593)

Spring 2022

DevOps In the Cloud

Fall 2021

Programming Digital Systems (ECEN 3350)

Spring 2019

DevOps in the Cloud (ECEN 5033)

Fall 2018

Programming Digital Systems (ECEN 3350)

Spring 2018

Advanced Computer and Networked System Security (ECEN 5008-0004/CSCI 7000-0010)

Fall 2017

Programming Digital Systems (ECEN 3350)

Spring 2017

Advanced Network Systems (ECEN 5012-002/CSCI 7000-0009)

Fall 2016

Programming Digital Systems (ECEN 3350)

Spring 2016

Advanced Network Systems (ECEN 5013/CSCI 7000-0007)

Fall 2015

Intro to Programming for ECEE (C and Matlab) (ECEN 1310)

Spring 2015

Advanced Computer and Networked System Security (ECEN 5013 / CSCI 7000-009)

Fall 2014

Advanced Networking (ECEN 5023 / CSCI 7000-005)

Spring 2014

Advanced Computer and Networked System Security (ECEN 5013 / CSCI 7000-010)

Fall 2013

Advanced Networking (ECEN 5023 / CSCI 7000-005)

Spring 2013

Software Defined Networking (ECEN 5013)

Fall 2012