Eric Keller

Associate Professor at the University of Colorado, Boulder


I am an Associate Professor in the ECEE Department at the University of Colorado, and co-founder and CTO of Stateless. I'm currently on-leave from the University and working at Stateless, but retain an active research group at the University. I am actively looking for PhD students to join my group. My research interests are elaborated below, but in general, my students are interested in systems programming. Entrepreneurial interest is a bonus -- I believe systems research and entrepreneurship go hand-in-hand, and find it a great avenue for students to pursue.

I received my Ph.D. in 2011 from the Electrical Engineering department at Princeton University advised by Jennifer Rexford in the Computer Science department. I was supported by an Intel Ph.D. Fellowship. After Princeton, I spent a year as a post-doc in the Computer and Information Science department at the University of Pennsylvania, working with Jonathan Smith.

Research Statement (2018)

CV (2018)

  • ECOT 351
  • 303-492-0125




I design and build secure and reliable networked systems using a cross-layer approach that draws from networking, operating systems, distributed systems, and computer architecture. My approach is to challenge existing assumptions – rather than solving a problem on top of the system, I look to change the system to make the problem go away fundamentally. With this, a cross-layer approach is central to my research as any given solution might straddle several of these areas.

Programmable Infrastructure

My research introduces new systems, algorithms, and abstractions to enable a more manageable network and computing infrastructure. This is rooted in the fact that a significant portion of security and reliability issues are often a result of limitations in the management of networked systems. My research has been enabling and capitalizing on a more dynamic and programmable computing and network infrastructure, via such technologies as virtualization, software-defined networking, and the movement toward cloud based services.

Change the assumptions


logo of Stateless

Stateless - Stateless was founded in 2016 with the mission of making even the most sophisticated and dynamic networks dead simple to manage. After years working together, Murad Kablan and I formed the company as a spin-off of our research at CU (see our NSDI 2017 paper). Our technology addresses the root of the problem which prevents networks from achieving true agility -- state. Find an overview of the company on our website.

Status: Active ( $11.3M Series A in Nov 2018, $1.2M in grants from the NSF (SBIR) and State of Colorado (OEDIT AIA), $1.4M seed round in Nov. 2017)

logo of Clear Creek Networks

Clear Creek Networks - Along with two M.S. students, I co-founded CCN in 2013 to bring software-defined networking technology to the next generation electrical grid -- addressing the disconnect between the power engineers and the network engineers. Ultimately we were unable to breakthrough this industry. Key lessons: need to investigate product market fit more aggressively up front, trust between co-founders is critical.

Status: Dissolved

Programs participated in:

logo of Techstars
logo of Catalyze CU-Boulder
logo of New Venture Challenge Boulder
logo of I-Corps
logo of Surge Accelelator




Mohammad Hashemi

PhD CS (expected 2021)



Greg Cusack

PhD ECEE (expected 2022)



Marcelo Abranches

PhD ECEE (expected 2022)



Karl Olson

PhD CS (expected 2022)



Maziyar Nazari

PhD CS (expected 2023)



Sepideh Goodarzy

PhD CS (expected 2023) (co-advised with Rick Han)



Dwight Browne

PhD CS (expected 2023)



Azzam Alsudais, 2020

Ph.D. in CS - Efficient Approaches for Homing Complex Network Services.
First job -- Assistant professor at King Saud University (Computer Science Department)

Oliver Michel, 2019

Ph.D. in CS - Packet-Level Network Telemetry and Analytics.
First job -- Cloud Architect at TourRadar, then post-doc at Univ of Vienna

Aimee Coughlin, 2018

Ph.D. in ECEE - Enabling User Space Secure Hardware.
First job -- Security Engineer at Facebook

Bharat Nallan, 2017

M.S. in ECEE (non-thesis)
First job -- CloudFlare

Murad Kablan, 2017

Ph.D. in Computer Science - StatelessNF: A Disaggregated Architecture for Network Functions.
First job -- CEO and co-founder Stateless

Edgar González Quevedo, 2017

M.S. from UPC (thesis work done at CU as visiting student) - Analysis, experimentation and improvement of a system of "Crowdsourced" home cyber security .

Anurag Dubey, 2017

M.S. in ECEE - Timing and Latency Characteristics in Disaggregated Systems.
First job -- Xilinx

Ali Ismail, 2015

M.S. in ECEE - Cloud RTR: Cloud Infrastructure for Apps with Hardware.
First job -- Synchroness

Ryan Hand, 2014

M.S. in Computer Science - Toward An Active Network Security Architecture.
First job -- Instructor USMA

Matt Monaco, 2013

M.S. in Computer Science - A Filesystem Abstraction for Multiple Actors in a Distributed Software Defined Network.
First job -- Google

Kelly Kaoudis, 2015

M.S. (non-thesis) in Computer Science.
First job -- Twitter

Undergraduates: Alex Tsankov (AY 2014-15), Sean Lambert (AY 2015-16), Ji-hoon Kim (AY 2015-16), Yiming Wang (AY 2016-17), Jeffery Lim (AY 2016-17)

B.S. -- each performed undergraduate research as part of the discovery learning apprenticeship program.


logo of NSF

CAREER: Stateless Network Functions: Building a Better Network Through Disaggregation

Role: PI (sole)

Dates: 2017-2022

Award: $627,999

To improve performance, security, and reliability, network practitioners have moved away from the principle of a stateless network and added stateful processing to devices such as internet firewalls, load balancers, and intrusion detection systems. In doing so, networks have become increasingly complex and brittle. The research objective of this proposal is to provide the foundation for a transformative network architecture based on disaggregated virtual network functions. Developing this capability will improve the performance and operation of virtualized computing systems, including compute clouds, and ultimately make US information technology capabilities more competitive.

This project will introduce the new systems and algorithms to make a disaggregated network function architecture possible, leveraging recent advances in distributed systems in low-latency data stores, and the unique properties of network processing that can be used to optimize the interface between the processing and state. Specifically, this proposal will: 1) develop the algorithmic and system underpinnings that overcome the challenges in achieving the needed performance in the face of added latency, overhead in accessing state, and concurrent execution; and 2) create novel network management capabilities that leverage disaggregated network functions to realize a network function infrastructure that is efficient and robust to load changes, component failures, and software or configuration updates.

SDI-CSCS: S2OS - Enabling Infrastructure-Wide Programmable Security with SDI

Role: co-PI

Collaborators: Guofei Gu (PI), Hongxin Hu, Zhiqiang Lin, Don Porter

Dates: 2017-2021

Award: $3M (total) $599,489 (Colorado)

Traditionally, many of our critical systems have been developed with security as a reactive add-on, rather than a by default design. As a result, existing security mechanisms are often fragmented, hard to configure or verify, which makes it difficult to defend against various cyber attacks. This project will build the "holy grail" for enterprise/cloud/data-center security management with software-defined infrastructure (SDI): a unified framework for security and management of disparate resources, ranging from processes to storage to networking. Cloud computing is now an essential part of our national cyberinfrastructure; the proposed work will lower the total cost of ownership for clouds - further unlocking economic and environmental benefits - as well as improving the security of today's clouds.

This project proposes S2OS (SDI-defined Security Operating System), which abstracts security capabilities and primitives at both the host Operating System (OS) and network levels and offers an easy-to-use and programmable security model for monitoring and dynamically securing applications. This project will explore new techniques to transparently compose software into a unified enterprise, even if the individual pieces were never explicitly designed to inter-operate, similar in a way a traditional operating system managing various hardware resources for upper-layer user applications. Further, this project will contribute new ways to leverage global information for making effective local security management decisions. Finally, this project enables new innovations in programming dynamic, host-network coordinated, and intelligent security applications to protect the entire infrastructure.

This project will make significant contributions to how enterprise, data centers and cloud computing are securely built and managed. The project's PIs will engage in educational and outreach activities to train the next generation talent. In particular, the PIs plan to integrate the interdisciplinary research ideas into courses spanning networking, systems and security. The project will also actively encourage participation from underrepresented groups and transfer technology to industry partners.

logo of NSF

I-Corps: Elastic Network Infrastructure

Role: PI


$50,000 (total)

The broader impact/commercial potential of this I-Corps project rests in the creation of a new category of how networking is offered. Rather than offered as a static collection of physical appliances to be managed by a company's IT staff, this project aims to provide network processing as a service, and in turn reduce capital costs (through more efficient use of resources), as well as operational costs (by simplifying management). In effect, it seeks to do for networking what cloud computing did for computing. Target markets include traditional enterprise networks, which can replace their physical network devices with this service to save money and simplify management, and Cloud and telecom service providers which could offer the service as an add-on feature to their customers in order to increase revenue. As more devices come online, as more traffic traverses a network, and as networks further become more integral to business operations, the needs for more reliable and efficient networks will likewise increase.

This I-Corps project explores the market for a new approach to network functions virtualization, where network functions are disaggregated into separate processing and state storage components. Experiments have shown seamless scalability, disruptionless failure management, and processing rates in line with other software solutions. The aim of this I-Corps project is to interview a large number of potential customers to understand their current and future needs, challenges, and operations. With this, the commercial viability and value proposition of the 'stateless' network functions technology will be better understood.

logo of NSF

TWC: Medium: Active Security

Role: PI

Collaborators: Adam Aviv, Jonathan M. Smith


$1.2M (total), $746,537 (Colorado)

Computer and network security is currently challenged by the need to secure diverse network environments including clouds and data-centers, PCs and enterprise infrastructures. This diversity of environments is coupled to increased attack sophistication. Today's tools for securing network and computing infrastructures can be painstakingly composed and configured using available components, but fail to automatically learn from their environment and actively protect it. This research introduces Active Security, which is an architectural approach with fundamental advantages for network defenders; Active Security continuously senses threats and adapts defenses to those threats, including those previously unseen.

Active Security prototyping and applications incorporate a novel high-rate decision procedure that avoids manual intervention. The project addresses: (1) the characteristics of network 'sensors' most useful to an observe-orient-decide-act (OODA) loop; (2) decision and control algorithms for determining appropriate actions based on sensed events; (3) the infrastructure required for robust and trustworthy systems requiring minimal human-in-the-loop interaction; (4) automated defense approaches viable in diverse network settings that do no harm and are recoverable; and (5) metrics for performance assessment of an Active Security system such as responsiveness and accuracy.

Active Security's central themes of network security, network sensing, and automated defenses integrate naturally into both graduate and undergraduate education at participating institutions, including both midshipmen at the United States Naval Academy and cadets at the United States Military Academy. Network security is an increasing concern for society at large, and an Active Security implementation is straightforward to deploy on networks equipped with programmable software defined networking (SDN) controllers, a technology increasingly present in data center, carrier and enterprise networks.

logo of NSF

XPS: SDA: Elasticizing the Linux Operating System for the Cloud

Role: co-PI

Collaborators: Richard Han (Colorado)



One of the major recent advances in computing is the development of large scale data centers, wherein hundreds of thousands of computers may be housed in each data center. In cloud computing, individual applications can each lease computing space to execute on one or more of a data center?s computers. Cloud applications often need to dynamically adjust the amount of resources that they lease, elastically scaling up or down the amount of processing, memory, storage and/or network bandwidth that they need. Today's cloud-based systems burden application developers by requiring elasticity to be explicitly encoded into their software. This project seeks instead to investigate an approach that eases the task of elasticizing cloud-based applications by automatically incorporating elasticity at the operating system (OS) level to support dynamic scaling of applications. This project plans to develop an open source software tool called ElasticOS that incorporates elasticity into the Linux OS, with the hope that such a practical tool could lead to significant broader impacts for society, namely transforming the way that major cloud providers deploy applications within their cloud infrastructure, and benefiting application developers by easing the complexity of elastic programming in the cloud.

The intellectual merit and research advances expected from this project concern the development of novel techniques and tools for supporting elasticity of memory, networking, storage, and processing in cloud-based modern operating systems. In particular, the project will explore the feasibility and performance of a new concept to achieve elastic memory by stretching of processes/threads across cloud machines using the idea of elastic page tables. Further research challenges expected to be addressed by the proposal include the following: identifying and building the major components of an elastic OS architecture; devising a way to unify the network address space across multiple nodes so that network I/O can be treated as elastic; discovering a practical adaptive online algorithm for page clustering and placement that exploits application locality and parallelism; extending network elasticity to on-chip networking; discovering methods to accommodate multi-threading in elasticity; and developing a timely and accurate protocol for discovering available elastic cloud resources. The project intends to test four different types of standard applications on top of ElasticOS in order to better understand how to tune the elasticity: a large in-memory database application; a compute-intensive application; a network-intensive Web server application; and a ubiquitous computing application. The PIs are highly qualified to pursue the proposed research, and have well-known expertise in operating systems, networking, mobile cloud computing, computer architecture, wireless sensor networks, and distributed systems. Additional important broader impacts for society resulting from this project are expected to include enhancing the curriculum of advanced graduate systems courses and enabling undergraduate students, underrepresented minorities and women to participate in the project through programs such as REU and the Colorado Diversity Initiative.


NeTS: Small: Liquid Networking

Role: PI (sole)

Active: 2013-2017

Amount: $500,000

Research Gift

Role: PI (sole)

Active: One time gift in 2012


Programming Digital Systems (ECEN 3350)

Spring 2019

DevOps in the Cloud (ECEN 5033)

Fall 2018

Programming Digital Systems (ECEN 3350)

Spring 2018

Advanced Computer and Networked System Security (ECEN 5008-0004/CSCI 7000-0010)

Fall 2017

Programming Digital Systems (ECEN 3350)

Spring 2017

Advanced Network Systems (ECEN 5012-002/CSCI 7000-0009)

Fall 2016

Programming Digital Systems (ECEN 3350)

Spring 2016

Advanced Network Systems (ECEN 5013/CSCI 7000-0007)

Fall 2015

Intro to Programming for ECEE (C and Matlab) (ECEN 1310)

Spring 2015

Advanced Computer and Networked System Security (ECEN 5013 / CSCI 7000-009)

Fall 2014

Advanced Networking (ECEN 5023 / CSCI 7000-005)

Spring 2014

Advanced Computer and Networked System Security (ECEN 5013 / CSCI 7000-010)

Fall 2013

Advanced Networking (ECEN 5023 / CSCI 7000-005)

Spring 2013

Software Defined Networking (ECEN 5013)

Fall 2012