I am an Assistant Professor in the ECEE Department at the University of Colorado, and co-founder and CTO of Stateless. I am actively looking for PhD students to join my group. My research interests are elaborated below, but in general, my students are interested in systems programming. Entrepreneurial interest is a bonus -- I believe systems research and entrepreneurship go hand-in-hand, and find it a great avenue for students to pursue.
I received my Ph.D. in 2011 from the Electrical Engineering department at Princeton University advised by Jennifer Rexford in the Computer Science department. I was supported by an Intel Ph.D. Fellowship. After Princeton, I spent a year as a post-doc in the Computer and Information Science department at the University of Pennsylvania, working with Jonathan Smith.
- ECOT 351
I design and build secure and reliable networked systems using a cross-layer approach that draws from networking, operating systems, distributed systems, and computer architecture. My approach is to challenge existing assumptions – rather than solving a problem on top of the system, I look to change the system to make the problem go away fundamentally. With this, a cross-layer approach is central to my research as any given solution might straddle several of these areas.
My research introduces new systems, algorithms, and abstractions to enable a more manageable network and computing infrastructure. This is rooted in the fact that a significant portion of security and reliability issues are often a result of limitations in the management of networked systems. My research has been enabling and capitalizing on a more dynamic and programmable computing and network infrastructure, via such technologies as virtualization, software-defined networking, and the movement toward cloud based services.
Change the assumptions
Stateless - Stateless was founded in 2016 with the mission of making even the most sophisticated and dynamic networks dead simple to manage. After years working together, Murad Kablan and I formed the company as a spin-off of our research at CU. Our technology addresses the root of the problem which prevents networks from achieving true agility -- state. Find an overview of the company on our website and in our Techstars demo day video.
Status: Active ($1.4M seed round in Nov. 2017)
Clear Creek Networks - Along with two M.S. students, I co-founded CCN in 2013 to bring software-defined networking technology to the next generation electrical grid -- addressing the disconnect between the power engineers and the network engineers. Ultimately we were unable to breakthrough this industry. Key lessons: need to investigate product market fit more aggressively up front, trust between co-founders is critical.
Programs participated in:
PhD ECEE (expected 2018)
PhD CS (expected 2018)
PhD CS (expected 2019)
PhD CS (expected 2019)
PhD ECEE (expected 2021)
Bharat Nallan, 2017
M.S. in ECEE (non-thesis)
First job -- CloudFlare
Murad Kablan, 2017
Ph.D. in Computer Science - StatelessNF: A Disaggregated Architecture for Network Functions.
First job -- CEO and co-founder Stateless
Edgar González Quevedo, 2017
M.S. from UPC (thesis work done at CU as visiting student) - Analysis, experimentation and improvement of a system of "Crowdsourced" home cyber security .
Anurag Dubey, 2017
M.S. in ECEE - Timing and Latency Characteristics in Disaggregated Systems.
First job -- Xilinx
Ali Ismail, 2015
M.S. in ECEE - Cloud RTR: Cloud Infrastructure for Apps with Hardware.
First job -- Synchroness
Ryan Hand, 2014
M.S. in Computer Science - Toward An Active Network Security Architecture.
First job -- Instructor USMA
Matt Monaco, 2013
M.S. in Computer Science - A Filesystem Abstraction for Multiple Actors in a Distributed Software Defined Network.
First job -- Google
Kelly Kaoudis, 2015
M.S. (non-thesis) in Computer Science.
First job -- Twitter
Undergraduates: Alex Tsankov (AY 2014-15), Sean Lambert (AY 2015-16), Ji-hoon Kim (AY 2015-16), Yiming Wang (AY 2016-17), Jeffery Lim (AY 2016-17)
B.S. -- each performed undergraduate research as part of the discovery learning apprenticeship program.
CAREER: Stateless Network Functions: Building a Better Network Through Disaggregation
Role: PI (sole)
To improve performance, security, and reliability, network practitioners have moved away from the principle of a stateless network and added stateful processing to devices such as internet firewalls, load balancers, and intrusion detection systems. In doing so, networks have become increasingly complex and brittle. The research objective of this proposal is to provide the foundation for a transformative network architecture based on disaggregated virtual network functions. Developing this capability will improve the performance and operation of virtualized computing systems, including compute clouds, and ultimately make US information technology capabilities more competitive.
This project will introduce the new systems and algorithms to make a disaggregated network function architecture possible, leveraging recent advances in distributed systems in low-latency data stores, and the unique properties of network processing that can be used to optimize the interface between the processing and state. Specifically, this proposal will: 1) develop the algorithmic and system underpinnings that overcome the challenges in achieving the needed performance in the face of added latency, overhead in accessing state, and concurrent execution; and 2) create novel network management capabilities that leverage disaggregated network functions to realize a network function infrastructure that is efficient and robust to load changes, component failures, and software or configuration updates.
SDI-CSCS: S2OS - Enabling Infrastructure-Wide Programmable Security with SDI
Collaborators: Guofei Gu (PI), Hongxin Hu, Zhiqiang Lin, Don Porter
Award: $3M (total) $599,489 (Colorado)
Traditionally, many of our critical systems have been developed with security as a reactive add-on, rather than a by default design. As a result, existing security mechanisms are often fragmented, hard to configure or verify, which makes it difficult to defend against various cyber attacks. This project will build the "holy grail" for enterprise/cloud/data-center security management with software-defined infrastructure (SDI): a unified framework for security and management of disparate resources, ranging from processes to storage to networking. Cloud computing is now an essential part of our national cyberinfrastructure; the proposed work will lower the total cost of ownership for clouds - further unlocking economic and environmental benefits - as well as improving the security of today's clouds.
This project proposes S2OS (SDI-defined Security Operating System), which abstracts security capabilities and primitives at both the host Operating System (OS) and network levels and offers an easy-to-use and programmable security model for monitoring and dynamically securing applications. This project will explore new techniques to transparently compose software into a unified enterprise, even if the individual pieces were never explicitly designed to inter-operate, similar in a way a traditional operating system managing various hardware resources for upper-layer user applications. Further, this project will contribute new ways to leverage global information for making effective local security management decisions. Finally, this project enables new innovations in programming dynamic, host-network coordinated, and intelligent security applications to protect the entire infrastructure.
This project will make significant contributions to how enterprise, data centers and cloud computing are securely built and managed. The project's PIs will engage in educational and outreach activities to train the next generation talent. In particular, the PIs plan to integrate the interdisciplinary research ideas into courses spanning networking, systems and security. The project will also actively encourage participation from underrepresented groups and transfer technology to industry partners.
I-Corps: Elastic Network Infrastructure
The broader impact/commercial potential of this I-Corps project rests in the creation of a new category of how networking is offered. Rather than offered as a static collection of physical appliances to be managed by a company's IT staff, this project aims to provide network processing as a service, and in turn reduce capital costs (through more efficient use of resources), as well as operational costs (by simplifying management). In effect, it seeks to do for networking what cloud computing did for computing. Target markets include traditional enterprise networks, which can replace their physical network devices with this service to save money and simplify management, and Cloud and telecom service providers which could offer the service as an add-on feature to their customers in order to increase revenue. As more devices come online, as more traffic traverses a network, and as networks further become more integral to business operations, the needs for more reliable and efficient networks will likewise increase.
This I-Corps project explores the market for a new approach to network functions virtualization, where network functions are disaggregated into separate processing and state storage components. Experiments have shown seamless scalability, disruptionless failure management, and processing rates in line with other software solutions. The aim of this I-Corps project is to interview a large number of potential customers to understand their current and future needs, challenges, and operations. With this, the commercial viability and value proposition of the 'stateless' network functions technology will be better understood.
TWC: Medium: Active Security
Collaborators: Adam Aviv, Jonathan M. Smith
$1.2M (total), $746,537 (Colorado)
Computer and network security is currently challenged by the need to secure diverse network environments including clouds and data-centers, PCs and enterprise infrastructures. This diversity of environments is coupled to increased attack sophistication. Today's tools for securing network and computing infrastructures can be painstakingly composed and configured using available components, but fail to automatically learn from their environment and actively protect it. This research introduces Active Security, which is an architectural approach with fundamental advantages for network defenders; Active Security continuously senses threats and adapts defenses to those threats, including those previously unseen.
Active Security prototyping and applications incorporate a novel high-rate decision procedure that avoids manual intervention. The project addresses: (1) the characteristics of network 'sensors' most useful to an observe-orient-decide-act (OODA) loop; (2) decision and control algorithms for determining appropriate actions based on sensed events; (3) the infrastructure required for robust and trustworthy systems requiring minimal human-in-the-loop interaction; (4) automated defense approaches viable in diverse network settings that do no harm and are recoverable; and (5) metrics for performance assessment of an Active Security system such as responsiveness and accuracy.
Active Security's central themes of network security, network sensing, and automated defenses integrate naturally into both graduate and undergraduate education at participating institutions, including both midshipmen at the United States Naval Academy and cadets at the United States Military Academy. Network security is an increasing concern for society at large, and an Active Security implementation is straightforward to deploy on networks equipped with programmable software defined networking (SDN) controllers, a technology increasingly present in data center, carrier and enterprise networks.
XPS: SDA: Elasticizing the Linux Operating System for the Cloud
Collaborators: Richard Han (Colorado)
One of the major recent advances in computing is the development of large scale data centers, wherein hundreds of thousands of computers may be housed in each data center. In cloud computing, individual applications can each lease computing space to execute on one or more of a data center?s computers. Cloud applications often need to dynamically adjust the amount of resources that they lease, elastically scaling up or down the amount of processing, memory, storage and/or network bandwidth that they need. Today's cloud-based systems burden application developers by requiring elasticity to be explicitly encoded into their software. This project seeks instead to investigate an approach that eases the task of elasticizing cloud-based applications by automatically incorporating elasticity at the operating system (OS) level to support dynamic scaling of applications. This project plans to develop an open source software tool called ElasticOS that incorporates elasticity into the Linux OS, with the hope that such a practical tool could lead to significant broader impacts for society, namely transforming the way that major cloud providers deploy applications within their cloud infrastructure, and benefiting application developers by easing the complexity of elastic programming in the cloud.
The intellectual merit and research advances expected from this project concern the development of novel techniques and tools for supporting elasticity of memory, networking, storage, and processing in cloud-based modern operating systems. In particular, the project will explore the feasibility and performance of a new concept to achieve elastic memory by stretching of processes/threads across cloud machines using the idea of elastic page tables. Further research challenges expected to be addressed by the proposal include the following: identifying and building the major components of an elastic OS architecture; devising a way to unify the network address space across multiple nodes so that network I/O can be treated as elastic; discovering a practical adaptive online algorithm for page clustering and placement that exploits application locality and parallelism; extending network elasticity to on-chip networking; discovering methods to accommodate multi-threading in elasticity; and developing a timely and accurate protocol for discovering available elastic cloud resources. The project intends to test four different types of standard applications on top of ElasticOS in order to better understand how to tune the elasticity: a large in-memory database application; a compute-intensive application; a network-intensive Web server application; and a ubiquitous computing application. The PIs are highly qualified to pursue the proposed research, and have well-known expertise in operating systems, networking, mobile cloud computing, computer architecture, wireless sensor networks, and distributed systems. Additional important broader impacts for society resulting from this project are expected to include enhancing the curriculum of advanced graduate systems courses and enabling undergraduate students, underrepresented minorities and women to participate in the project through programs such as REU and the Colorado Diversity Initiative.
NeTS: Small: Liquid Networking
Role: PI (sole)
Role: PI (sole)
Active: One time gift in 2012
Advanced Computer and Networked System Security (ECEN 5008-0004/CSCI 7000-0010)
Programming Digital Systems (ECEN 3350)
Advanced Network Systems (ECEN 5012-002/CSCI 7000-0009)
Programming Digital Systems (ECEN 3350)
Advanced Network Systems (ECEN 5013/CSCI 7000-0007)
Intro to Programming for ECEE (C and Matlab) (ECEN 1310)
Advanced Computer and Networked System Security (ECEN 5013 / CSCI 7000-009)
Advanced Networking (ECEN 5023 / CSCI 7000-005)
Advanced Computer and Networked System Security (ECEN 5013 / CSCI 7000-010)
Advanced Networking (ECEN 5023 / CSCI 7000-005)
Software Defined Networking (ECEN 5013)