Eric Keller

Associate Professor at the University of Colorado, Boulder


I am an Associate Professor in the ECEE Department at the University of Colorado, and co-founder and CTO of Stateless. At the beginning of the Fall 2021 semester, I returned from a 2 year leave from CU, but I still actively participate in the management of Stateless (as allowed under policy at CU). I am actively looking for PhD students to join my group. My research interests are elaborated below, but in general, my students are interested in systems programming. Entrepreneurial interest is a bonus -- I believe systems research and entrepreneurship go hand-in-hand, and find it a great avenue for students to pursue.

I received my Ph.D. in 2011 from the Electrical Engineering department at Princeton University advised by Jennifer Rexford in the Computer Science department. I was supported by an Intel Ph.D. Fellowship. After Princeton, I spent a year as a post-doc in the Computer and Information Science department at the University of Pennsylvania, working with Jonathan Smith.

Research Statement (2018)

CV (2018)

  • ECOT 351
  • 303-492-0125




I design and build secure and reliable networked systems using a cross-layer approach that draws from networking, operating systems, distributed systems, and computer architecture. My approach is to challenge existing assumptions – rather than solving a problem on top of the system, I look to change the system to make the problem go away fundamentally. With this, a cross-layer approach is central to my research as any given solution might straddle several of these areas.

Programmable Infrastructure

My research introduces new systems, algorithms, and abstractions to enable a more manageable network and computing infrastructure. This is rooted in the fact that a significant portion of security and reliability issues are often a result of limitations in the management of networked systems. My research has been enabling and capitalizing on a more dynamic and programmable computing and network infrastructure, via such technologies as virtualization, software-defined networking, and the movement toward cloud based services.

Change the assumptions


logo of Stateless

Stateless - Stateless was founded in 2016 with the mission of making even the most sophisticated and dynamic networks dead simple to manage. After years working together, Murad Kablan and I formed the company as a spin-off of our research at CU (see our NSDI 2017 paper). Our technology addresses the root of the problem which prevents networks from achieving true agility -- state. Find an overview of the company on our website.

Status: Active. Raised $24.9M in VC funding from Foundry Group (led Series B), Drive Capital (led Series A), and Speed Invest (led Seed), and $1.7M in grants from the NSF (SBIR) and State of Colorado (OEDIT AIA)

logo of Clear Creek Networks

Clear Creek Networks - Along with two M.S. students, I co-founded CCN in 2013 to bring software-defined networking technology to the next generation electrical grid -- addressing the disconnect between the power engineers and the network engineers. Ultimately we were unable to breakthrough this industry. Key lessons: need to investigate product market fit more aggressively up front, trust between co-founders is critical.

Status: Dissolved

Programs participated in:

logo of Techstars
logo of Catalyze CU-Boulder
logo of New Venture Challenge Boulder
logo of I-Corps
logo of Surge Accelelator




Maziyar Nazari

PhD CS (expected 2024)



Erika Hunhoff

PhD CS (expected 2024) (co-advised with Eric Rozner)



Bashayer Alharbi

PhD CS (expected 2026)



Dustin Hooks

PhD CS (expected 2027)



Shirin Ebadi

PhD ECEE (expected 2027)



Karl Olson, 2024

Ph.D. in CS - Where is the Incentive? Rethinking Approaches to Security in Networks.
First job -- US Military Academy/Army Cyber Institute

Greg Cusack, 2022

Ph.D. in ECEE - Enabling Application-Specific Programmable Compute Infrastructure.
First job -- Solana

Marcelo Abranches, 2022

Ph.D. in ECEE - Synergistic Server-Based Network Processing Stack.
First job -- CGU (in Brazil)

Sepideh Goodarzy, 2022

Ph.D. in CS (co-advised with Rick Han) - SmartOS: Automating Allocation of Operating System Resources to User Preferences via Reinforcement Learning.
First job -- Google

Albert Vilardell Barnosell, 2022

B.S. in CS from UPC (thesis work done at CU as visiting student) (co-advised with Tamara Lehman) - Virtualization of programmable switches on top of an FPGA board.

Mohammad Hashemi, 2021

Ph.D. in CS - Detecting Anomalies in Network Systems by Leveraging Neural Networks.
First job -- Data Scientist at Illumina

Azzam Alsudais, 2020

Ph.D. in CS - Efficient Approaches for Homing Complex Network Services.
First job -- Assistant professor at King Saud University (Computer Science Department)

Oliver Michel, 2019

Ph.D. in CS - Packet-Level Network Telemetry and Analytics.
First job -- Cloud Architect at TourRadar, then post-doc at Univ of Vienna

Aimee Coughlin, 2018

Ph.D. in ECEE - Enabling User Space Secure Hardware.
First job -- Security Engineer at Facebook

Murad Kablan, 2017

Ph.D. in Computer Science - StatelessNF: A Disaggregated Architecture for Network Functions.
First job -- CEO and co-founder Stateless

Edgar González Quevedo, 2017

M.S. from UPC (thesis work done at CU as visiting student) - Analysis, experimentation and improvement of a system of "Crowdsourced" home cyber security .

Anurag Dubey, 2017

M.S. in ECEE - Timing and Latency Characteristics in Disaggregated Systems.
First job -- Xilinx

Ali Ismail, 2015

M.S. in ECEE - Cloud RTR: Cloud Infrastructure for Apps with Hardware.
First job -- Synchroness

Ryan Hand, 2014

M.S. in Computer Science - Toward An Active Network Security Architecture.
First job -- Instructor USMA

Matt Monaco, 2013

M.S. in Computer Science - A Filesystem Abstraction for Multiple Actors in a Distributed Software Defined Network.
First job -- Google

MS (non-thesis): Dwight Browne (2023), Chethan Kavaraganahalli Prasanna (2023), Akshay Abhyankar (2023), Sreeram Ganesan (2023), Sachin Sharma (2023), Rajeev Menon (2023), Swaminathan Sriram (2022), Evan Braun (2022), George Nsude (2022), Prerit Oberai (2019), Bharat Nallan (2017), Kelly Kaoudis (2015).

M.S. -- each were contributing reserch members of my research group, whether through an official means such as an Independent Study, or unofficially contributing to a project on their own.

Undergraduates (non-thesis): Alex Tsankov (AY 2014-15), Sean Lambert (AY 2015-16), Ji-hoon Kim (AY 2015-16), Yiming Wang (AY 2016-17), Jeffery Lim (AY 2016-17), Pranav Subramanian (AY 2021-22)

B.S. -- each performed undergraduate research as part of programs like the discovery learning apprenticeship (DLA).


logo of NSF

NSF Convergence Accelerator Track G: 5G Hidden Operations through Securing Traffic (GHOST)

Role: co-PI

Dates: 2022-2023

Award: $749,186 (total)

Collaborators: Keith Gremban (PI), Alexandra Siegel, Tamara Lehman, Salvador D'Itri

The proliferation of 5G networks around the world presents an attractive opportunity for U.S. government organizations, nongovernmental humanitarian aid organizations, and private sector enterprises to take advantage of indigenous 5G networks to eliminate the costs of installing and maintaining an alternate communications infrastructure. However, in many areas of the world, 5G networks are deployed and operated by organizations that are untrusted and potentially hostile to the U.S. In these environments, new security technologies are needed to secure operations. The 5G Hidden Operations through Securing Traffic (GHOST) project provides four layers of security. First, GHOST protects against end-user and networking devices from being compromised by a hostile network. Second, GHOST anonymizes individual identities and obscures user locations. Third, GHOST prevents traffic analysis that could reveal operational plans and activities by anonymizing communication connections and introducing “GHOST” traffic into the network to maintain a constant level of activity. Finally, the GHOST project will further obfuscate traffic analysis by injecting “false flag” traffic that models real operations to confuse and mislead analysis. The GHOST technology will enable organizations ranging from the U.S. military to private entities to securely operate over indigenous 5G networks, regardless of the politics of the network operators.

The GHOST project addresses the core intellectual challenge of providing secure communications resistant to penetration and traffic analysis over untrusted networks. The GHOST project considers the network as a black box that is assumed to be operated by a hostile agent. Addressing the challenge will yield four intellectual benefits to the research and operational communities. (i) First, the GHOST project will deliver technology that will protect end-user devices and non-indigenous networking equipment from penetration and compromise. The technology secures devices at the hardware level through the use of Trusted Execution Environments (TEEs). The idea behind a TEE is that anything coming from outside the chip boundary is untrusted. TEEs enforce this trusted boundary by implementing integrity verification of data and code and encrypting them once they cross the trusted boundary. (ii) Second, the GHOST project will deliver technology to anonymize or disguise end-user identities, locations, and communications endpoints. End-user identities will be protected using software defined credentials. Locations are protected using geo-spatial identity management. Communications connections are protected by peer-to-peer anonymization. (iii) Third, the GHOST project will deliver technology to overlay normal traffic with “GHOST” traffic — essentially network white noise — to obfuscate traffic analysis. (iv) Fourth, the GHOST project will deliver technology to model and generate “false flag” traffic. Through monitoring and simulation, models of traffic patterns associated with specific operations will be generated. "False flag" traffic injected into the network will reflect the traffic associated with a particular operation and be convincing to any observers.

GHOST technology will benefit end-users of any network, not just untrusted networks. The primary criteria for success of the GHOST project will be: (i) Device protection from network operator attacks; (ii) The obfuscation of user identities, locations, and communications connections; (iii) The obfuscation of traffic patterns; (iv) The injection of “false flag” traffic.

logo of NSF

CAREER: Stateless Network Functions: Building a Better Network Through Disaggregation

Role: PI (sole)

Dates: 2017-2023

Award: $627,999

To improve performance, security, and reliability, network practitioners have moved away from the principle of a stateless network and added stateful processing to devices such as internet firewalls, load balancers, and intrusion detection systems. In doing so, networks have become increasingly complex and brittle. The research objective of this proposal is to provide the foundation for a transformative network architecture based on disaggregated virtual network functions. Developing this capability will improve the performance and operation of virtualized computing systems, including compute clouds, and ultimately make US information technology capabilities more competitive.

This project will introduce the new systems and algorithms to make a disaggregated network function architecture possible, leveraging recent advances in distributed systems in low-latency data stores, and the unique properties of network processing that can be used to optimize the interface between the processing and state. Specifically, this proposal will: 1) develop the algorithmic and system underpinnings that overcome the challenges in achieving the needed performance in the face of added latency, overhead in accessing state, and concurrent execution; and 2) create novel network management capabilities that leverage disaggregated network functions to realize a network function infrastructure that is efficient and robust to load changes, component failures, and software or configuration updates.


SDI-CSCS: S2OS - Enabling Infrastructure-Wide Programmable Security with SDI

Role: co-PI

Collaborators: Guofei Gu (PI), Hongxin Hu, Zhiqiang Lin, Don Porter

Dates: 2017-2021

Award: $3M (total) $599,489 (Colorado)

I-Corps: Elastic Network Infrastructure

Role: PI


$50,000 (total)

TWC: Medium: Active Security

Role: PI

Collaborators: Adam Aviv, Jonathan M. Smith


$1.2M (total), $746,537 (Colorado)

XPS: SDA: Elasticizing the Linux Operating System for the Cloud

Role: co-PI

Collaborators: Richard Han (Colorado)



NeTS: Small: Liquid Networking

Role: PI (sole)

Active: 2013-2017

Amount: $500,000

Research Gift

Role: PI (sole)

Active: One time gift in 2012


Computer Organization (ECEN 3593 / CSCI 4593)

Spring 2023

Advanced Network Systems (ECEN 5565 / CSCI 7000)

Fall 2022

Computer Organization (ECEN 3593 / CSCI 4593)

Spring 2022

DevOps In the Cloud

Fall 2021

Programming Digital Systems (ECEN 3350)

Spring 2019

DevOps in the Cloud (ECEN 5033)

Fall 2018

Programming Digital Systems (ECEN 3350)

Spring 2018

Advanced Computer and Networked System Security (ECEN 5008-0004/CSCI 7000-0010)

Fall 2017

Programming Digital Systems (ECEN 3350)

Spring 2017

Advanced Network Systems (ECEN 5012-002/CSCI 7000-0009)

Fall 2016

Programming Digital Systems (ECEN 3350)

Spring 2016

Advanced Network Systems (ECEN 5013/CSCI 7000-0007)

Fall 2015

Intro to Programming for ECEE (C and Matlab) (ECEN 1310)

Spring 2015

Advanced Computer and Networked System Security (ECEN 5013 / CSCI 7000-009)

Fall 2014

Advanced Networking (ECEN 5023 / CSCI 7000-005)

Spring 2014

Advanced Computer and Networked System Security (ECEN 5013 / CSCI 7000-010)

Fall 2013

Advanced Networking (ECEN 5023 / CSCI 7000-005)

Spring 2013

Software Defined Networking (ECEN 5013)

Fall 2012