Eric Eide
  • Research Associate Professor, School Of Computing


  • Pierce Darragh, William Gallard Hatch & Eric Eide (2021). Clotho: A Racket library for parametric randomness. In Proceedings of the 2020 Scheme and Functional Programming Workshop. 3–13. Published, 01/2021.
  • Richard Li, Min Du, Hyunseok Chang, Sarit Mukherjee & Eric Eide (2020). Deepstitch: Deep learning for cross-layer stitching in microservices. In Proceedings of the 6th International Workshop on Container Technologies and Container Clouds (WoC). 25–30. Published, 12/2020.
  • Joe Breen, Andrew Buffmire, Jonathon Duerig, Kevin Dutt, Eric Eide, Mike Hibler, David Johnson, Sneha Kumar Kasera, Earl Lewis, Dustin Maas, Alex Orange, Neal Patwari, Daniel Reading, Robert Ricci, David Schurig, Leigh B. Stoller, Jacobus Van der Merwe, Kirk Webb & Gary Wong (2020). POWDER: Platform for Open Wireless Data-driven Experimental Research. In Proceedings of the 14th International Workshop on Wireless Network Testbeds, Experimental Evaluation and Characterization (WiNTECH). 17–24. Published, 09/2020.
  • Richard Li, Min Du, David Johnson, Robert Ricci, Jacobus Van der Merwe & Eric Eide (2019). Fluorescence: Detecting kernel-resident malware in clouds. In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID). 367–382. Published, 09/2019.
  • Dmitry Duplyakin, Robert Ricci, Aleksander Maricq, Gary Wong, Jonathon Duerig, Eric Eide, Leigh Stoller, Mike Hibler, David Johnson, Kirk Webb, Aditya Akella, Kuangching Wang, Glenn Ricart, Larry Landweber, Chip Elliott, Michael Zink, Emmanuel Cecchet, Snigdhaswin Kar & Prabudh Mishra (2019). The design and operation of CloudLab. In Proceedings of the 2019 USENIX Annual Technical Conference (ATC). 1–14. Published, 07/2019.
  • Hyunwook Baek, Eric Eide, Robert Ricci & Jacobus Van der Merwe (2018). I heard it through the firewall: Exploiting cloud management services as an information leakage channel. In Proceedings of the 2018 ACM Symposium on Cloud Computing (SoCC). 361–373. Published, 10/2018.
  • David Johnson, Elijah Grubb & Eric Eide (2018). Supporting Docker in Emulab-based network testbeds. In Proceedings of the 11th USENIX Workshop on Cyber Security Experimentation and Test (CSET). Published, 08/2018.
  • Hyunwook Baek, Eric Eide, Robert Ricci & Jacobus Van der Merwe (2018). Monitoring the update time of virtual firewalls in the cloud. Technical Report UUCS–18–005, University of Utah. Published, 05/2018.
  • Anton Burtsev, David Johnson, Josh Kunz, Eric Eide & Jacobus Van der Merwe (2017). CapNet: Security and least authority in a capability-enabled cloud. In Proceedings of the 8th ACM Symposium on Cloud Computing (SoCC). 128–141. Published, 09/2017.
  • Prashanth Nayak, Mike Hibler, David Johnson & Eric Eide (2017). A Wingman for virtual appliances. In Shuvendu Lahiri and Giles Reger, editors, Runtime Verification: 17th International Conference, RV 2017, volume 10548 of Lecture Notes in Computer Science. 390–399. Published, 09/2017.
  • Demo: Repeatable mobile networking research with PhantomNet. In Proceedings of the 22nd Annual International Conference on Mobile Computing and Networking (MobiCom), pages 489–490, Received the MobiCom '16 Best Demo Award. Published, 10/2016.
  • Abstractions for practical virtual machine replay. In Proceedings of the 12th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE), pages 93–106. Published, 04/2016.
  • Potassium: Penetration testing as a service. In Proceedings of the 6th ACM Symposium on Cloud Computing (SoCC), pages 30–42. Published, 08/2015.
  • Using deduplicating storage for efficient disk image deployment. In Proceedings of the 10th International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities (TRIDENTCOM). Published, 06/2015.
  • PhantomNet: Research infrastructure for mobile networking, cloud computing and software-defined networking. ACM GetMobile, 19(2):28–33. Published, 04/2015.
  • Guest editor, Operating Systems Review, 49(1), January 2015. Special issue on repeatability and sharing of experimental artifacts. Published, 01/2015.
  • Introducing CloudLab: Scientific infrastructure for advancing cloud architectures and applications. ;login:, 39(6):36–38, December 2014. Published, 12/2014.
  • Composable multi-level debugging with Stackdb. In Proceedings of the 10th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE), pages 213–225. Published, 03/2014.
  • Help, help, I’m being suppressed! The significance of suppressors in software testing. In Proceedings of the 24th IEEE International Symposium on Software Reliability Engineering (ISSRE), pages 390–399. Published, 11/2013.
  • Weir: A streaming language for performance analysis. In Proceedings of the Seventh Workshop on Programming Languages and Operating Systems (PLOS). Published, 11/2013.
  • Isolation of malicious external inputs in a security focused adaptive execution environment. In Proceedings of the 8th International Conference on Availability, Reliability and Security (ARES), pages 82–91. Published, 09/2013.
  • Taming compiler fuzzers. In Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 197–208. Published, 06/2013.
  • Software Variability Mechanisms for Improving Run-Time Performance. PhD dissertation, University of Utah. Published, 12/2012.
  • A3: An environment for self-adaptive diagnosis and immunization of novel attacks. In Proceedings of the Sixth IEEE International Conference on Self-Adaptive and Self-Organizing Systems Workshops (SASOW), pages 15–22. Published, 09/2012.
  • Swarm testing. In Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA), pages 78–88. Published, 07/2012.
  • Test-case reduction for C compiler bugs. In Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 335–346. Published, 06/2012.
  • Summary of PLOS 2011: The sixth workshop on programming languages and operating systems. Operating Systems Review, 45(3):1–4. Published, 12/2011.
  • Finding and understanding bugs in C compilers. In Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 283–294. Published, 06/2011.
  • Trusted disk loading in the Emulab network testbed. In Proceedings of the 3rd Workshop on Cyber Security Experimentation and Test (CSET). Published, 08/2010.
  • Toward replayable research in networking and systems. Position paper for Archive ’10, the NSF Workshop on Archiving Experiments to Raise Scientific Standards. Published, 05/2010.
  • PLOS 2009: Fifth workshop on programming languages and operating systems: Workshop overview. Operating Systems Review, 43(4):31–34. Published, 12/2009.
  • Volatiles are miscompiled, and what to do about it. In Proceedings of the 8th ACM International Conference on Embedded Software (EMSOFT 2008), pages 255–264. Published, 10/2008.
  • Edicts: Implementing features with flexible binding times. In Proceedings of the 7th International Conference on Aspect-Oriented Software Development (AOSD 2008), pages 108–119. Published, 03/2008.
  • Efficient memory safety for TinyOS. In Proceedings of the Fifth ACM Conference on Embedded Networked Sensor Systems (SenSys 2007), pages 205–218. Published, 11/2007.
  • Resource management aspects for sensor network software. In Proceedings of the Fourth Workshop on Programming Languages and Operating Systems (PLOS 2007). Published, 10/2007.
  • An experimentation workbench for replayable networking research. In Proceedings of the Fourth USENIX Symposium on Networked Systems Design and Implementation (NSDI ’07), pages 215–228. Published, 04/2007.
  • Efficient type and memory safety for tiny embedded systems. In Proceedings of the Third Workshop on Programming Languages and Operating Systems (PLOS 2006). Published, 10/2006.
  • Memory safety and untrusted extensions for TinyOS. Technical Report UUCS–06–007, University of Utah. Published, 06/2006.
  • Integrated scientific workflow management for the Emulab network testbed. In Proceedings of the 2006 USENIX Annual Technical Conference (USENIX ’06), pages 363–368. Published, 05/2006.
  • Feature typing: An early aspects technique. In the Workshop on Early Aspects at OOPSLA 2005. Published, 10/2005.
  • Binding-time flexibility for managing variability. In the Second Workshop on Managing Variabilities Consistently in Design and Code (MVCDC 2) at OOPSLA 2005. Published, 10/2005.
  • Dynamic CPU management for real-time, middleware-based systems. In Proceedings of the Tenth IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS 2004), pages 286–295. Published, 05/2004.
  • A comparison of Jiazzi and AspectJ for feature-wise decomposition. Technical Report UUCS–04–001, University of Utah. Published, 03/2004.
  • Bees: A secure, resource-controlled, Java-based execution environment. In 2003 IEEE Conference on Open Architectures and Network Programming Proceedings (OPENARCH 2003), pages 97–106. Published, 04/2003.
  • Static and dynamic structure in design patterns. In Proceedings of the 24th International Conference on Software Engineering (ICSE 2002), pages 208–218. Published, 05/2002.
  • Aspect weaving as component knitting: Separating concerns with Knit. In the Workshop on Advanced Separation of Concerns in Software Engineering at ICSE 2001. Published, 05/2001.
  • Knit: Component composition for systems software. In Proceedings of the Fourth Symposium on Operating Systems Design and Implementation (OSDI 2000), pages 347–360. Published, 10/2000.
  • Session summaries from the 17th Symposium on Operating Systems Principles (SOSP ’99). Operating Systems Review, 34(2):4–41. Published, 04/2000.
  • Flexible IDL compilation for complex communication patterns. Scientific Programming, 7(3, 4):275–287. Published, 01/1999.
  • Flexible and optimized IDL compilation for distributed applications. In David O’Hallaron, editor, Languages, Compilers, and Run-Time Systems for Scalable Computers (LCR ’98), volume 1511 of Lecture Notes in Computer Science, pages 288–302. Springer. Published, 05/1998.
  • Flick: A flexible, optimizing IDL compiler. In Proceedings of the ACM SIGPLAN ’97 Conference on Programming Language Design and Implementation (PLDI), pages 44–56. Published, 06/1997.
  • Valet: An Intelligent UNIX Shell Interface. Master's thesis, University of Utah. Published, 08/1995.
  • An entry-level course in computational engineering and science. In The Papers of the 26th SIGCSE Technical Symposium on Computer Science Education (SIGCSE ’95), pages 209–213. Published, 03/1995.

Research Statement

My aim is to advance practical approaches to attaining high-quality systems software, given constraints on its environment, implementation, and cost.

System and network security. Much of my research has focused on security concerns. This work was primarily supported by two research awards, called A3 and TCloud.

A3 aimed to use hypervisors and virtual machines as bases for defending a user-chosen application. My focus was on performing analyses and repairs based on hypervisor mechanisms, including virtual machine introspection (VMI) and deterministic, whole-VM replay. My research team and I disseminated the results of our research through multiple conference publications that were accompanied by open-source software: Stackdb, XenTT, Weir, and Wingman. Our work in A3 received significant media coverage.

TCloud sought to improve the security of clouds and the security offered by clouds to their users. I directed or co-directed four efforts within the project. The first investigated "penetration testing as a service," a way for clouds to help tenants secure their systems. In the second, Richard Li (my PhD student) and I explored a novel approach to detecting anomalies, such as malware infections, within a "herd" of similar VMs. My third effort focused on "capability-enabled networks," in which all communication is strictly controlled. The fourth explored covert channels based on clouds' software infrastructure. My research toward advancing cloud security is ongoing.

Compiler testing. An example of my practical focus on trustworthiness is my past and ongoing work toward improving compilers through random differential testing, which is a kind of "fuzz testing." The idea is to randomly generate programs and use them as test cases to a set of compilers. The test procedure discovers a compiler defect whenever any compiler under test (1) crashes or (2) produces incorrect code.

Prof. John Regehr and I started this work in 2008 and coauthored a series of papers that dealt with testing C compilers. The open-source tools that we developed for this work, called Csmith and C-Reduce, are heavily used by the compiler-testing community. In February 2018, I was honored to receive a Google Open Source Peer Bonus for "exceptional contributions to open source" related to C-Reduce.

I am currently working to apply random testing to the implementations of other programming languages, through the creation of a new tool called Xsmith. Xsmith is a generator of fuzz testers for language implementations ("language fuzzers"). The state of the art is for language fuzzers to be written largely by hand and from scratch; this is a burden that limits the development of sophisticated language fuzzers. Xsmith aims to reduce this burden by generating language fuzzers from specifications. In addition, it injects sophisticated program-generation techniques into the language fuzzers it creates.

Languages and systems construction. Programming languages play a central role in the development of trustworthy systems. My approach is to apply and evolve programming-language technologies as appropriate to address challenges in the implementation of systems software. My research publications include work in applying safe languages, components, design patterns, and aspect-oriented programming to the implementation of C- and Java-based systems software.

My current research at the junction of programming languages and systems relates to P4, an emerging language for programming network switches. Devices with fully programmable data planes enable dynamic, post-deployment changes to their behavior via languages like P4. Current practice, however, makes it difficult for a network operator to compose separate P4 programs to establish and maintain the desired behavior of a network. A modular approach to network function deployment and management can make changes easier, faster, and less disruptive.

PhD student David Hancock, Prof. Jacobus Van der Merwe, and I propose new abstractions, built on top of a virtualized programmable data plane, for dynamically provisioning network slices, and within each slice, deploying a composition of P4 programs. The abstractions are implemented by a new controller, called ConViDa, that permits slice and composition modifications at run time, with no need to "reboot" the entire data plane. Our experiments show that ConViDa provides an easy and nondisruptive way to integrate new protocols and functions into the network, manage network slices, and consolidate or spread complex functionality as necessary. In addition, we have developed an application of CoViDa for network security, one that dynamically deploys P4 code to disrupt network traffic analysis.

Testbeds and repeatable systems research. The Flux Research Group, which I co-direct, is perhaps best known for inventing and operating several testbeds for networking and systems research including Emulab, CloudLab, and POWDER. These scientific instruments are in heavy and continuous use by researchers and students worldwide.

My primary research interest in the Flux Group's testbeds is in utilizing them as bases for repeatable research. Starting in 2005, I led the development of an "experimentation workbench" for Emulab that demonstrated the potential for integrating scientific workflow management with a testbed, and many of the features of our current experiment "profile" system were pioneered by the workbench. Our support for repeatability continues to evolve as the needs of testbed users change. For example, because researchers today often conduct experiments on a variety of platforms, I led our effort to support the direct use of Docker images in our testbeds. In the future, the Flux Group plans to better integrate our testbeds with various community resources including more tools for repeatable research, e.g., Jupyter Notebook.

The ability to repeat experiments is important for establishing the trustworthiness of published computer-science research and for building on that work. Testbeds like Emulab, CloudLab, and POWDER provide the vehicles and controls for establishing trust in research that involves complex, distributed systems.

Beyond testbeds, the research community requires places where knowledge about experiments and good research practice can be collected, curated, and made available for reuse. To address this need for the cybersecurity community, my colleagues and I have recently started a collaborative project called SEARCCH. SEARCCH aims to create an online, community-driven "hub" that lowers the barrier to sharing by aiding researchers in packaging, importing, locating, understanding, and reusing experiment artifacts. The artifacts organized by the platform, including tools, methodologies, documentation, and data, can be deployed to community testbeds for performing new experiments. The goal is to transform the way research is conducted in the cybersecurity community, improving the overall scientific quality of cybersecurity research through validation, repeatable sharing and reuse, and a collective approach to building on research results.

Research Keywords

  • unikernels
  • trustworthy systems software
  • testbeds
  • test environments
  • systems software
  • software testing
  • software engineering
  • repeatable research
  • random testing
  • programming languages
  • middleware
  • malware analysis
  • fuzz testing
  • digital forensics
  • computer security
  • computer operating systems
  • compilers
  • cloud computing

Research Equipment and Testing Expertise

  • CloudLab <>. CloudLab is flexible, scientific infrastructure for research on the future of cloud computing. Researchers come to CloudLab to build their own clouds, experimenting with new architectures that will form the basis for the next generation of the world's computing platforms. CloudLab provides researchers with control and visibility all the way down to the bare metal. CloudLab is a public facility, available without charge to most researchers and educators worldwide. Contact: Robert Ricci , 801-581-8354 , 3490B MEB.
  • Emulab <>. Emulab is a network testbed that gives researchers a wide range of environments in which to develop, debug, and evaluate their systems. Emulab is widely used by computer science researchers in the fields of networking and distributed systems. It is also designed to support education, and it has been used to teach classes in those fields. Emulab is a public facility, available without charge to most researchers and educators worldwide. Contact: Robert Ricci , 801-581-8354 , 3490B MEB.
  • POWDER <>. POWDER is an under-construction "city scale" platform for research on advanced mobile wireless networks. It provides radios that are programmable down to the waveform, attached to a network that can be configured by the user, and connected to a wide variety of compute, storage, and cloud resources. When complete, it will cover a 10 km^2 area of Salt Lake City that encompasses the downtown area, the University of Utah campus, and a residential neighborhood. Within this area there will be dozens of fixed stations and a hundred couriers, such as buses and utility vehicles, carrying mobile devices around the city. A subset of these resources is available today. Contact: Jacobus Van der Merwe , 801-581-3012 , 3490D MEB.

Software Titles

  • Clotho. Clotho provides controllable randomness functions for Racket programs, allowing sequences of random values to be recorded, replayed, and manipulated at a fine grain. The current version of Clotho is always available from the Flux Research Group's GitLab site. We improved and maintained Clotho throughout 2020; the most recent release is version 1.0.2, released December 2020. Release Date: 12/2020. Inventors: Pierce Darragh, Eric Eide, William Gallard Hatch. Distribution List:
  • C-Reduce. C-Reduce inputs a large C or C++ program that has a property of interest (such as triggering a compiler bug) and automatically produces a much smaller C/C++ program that has the same property. It is intended for use by people who discover and report bugs in compilers and other tools that process C/C++ code. The current version of C-Reduce is always available from GitHub. We improved and maintained C-Reduce throughout 2020; the most recent release is version 2.10.0, released May 2019. Release Date: 06/2020. Inventors: Yang Chen, Eric Eide, John Regehr. Distribution List:
  • Xsmith. Xsmith is a library and domain-specific language for creating sophisticated random program generators that are useful for testing compilers, interpreters, and other tools. It comes with a library of sample generators for C, Python, Scheme, and Verilog programs. The current version of Xsmith is always available from the Flux Research Group's GitLab site. We improved and maintained Xsmith throughout 2020; the most recent release is version 1.0.0, released June 2019. Release Date: 06/2020. Inventors: Pierce Darragh, Eric Eide, William Gallard Hatch. Distribution List:
  • Emulab. Emulab is testbed-management software that supports networking and systems research. It runs the Utah Emulab testbed site, CloudLab, Apt, PhantomNet, POWDER, and dozens of other testbed around the world. The Flux Research Group continually enhances and maintains the Emulab software, and the current version is always available from the Flux Research Group's GitLab site. The Flux Research Group releases a new, stable version of the Emulab software approximately twice per year, most recently in June 2020. Release Date: 06/2020. Inventors: The Flux Research Group. Distribution List:
  • Csmith. Csmith randomly generates C programs that statically and dynamically conform to the C99 standard. It is useful for testing compilers, static analyzers, and other tools that process C code. Csmith has found bugs in every tool that it has tested, and we have used it to find and report more than 475 previously unknown compiler bugs. The current version of Csmith is always available from GitHub. We improved and maintained Csmith throughout 2020; the most recent release is version 2.3.0, released June 2017. Release Date: 05/2020. Inventors: Yang Chen, Eric Eide, John Regehr, Xuejun Yang. Distribution List:
  • Stackdb. Stackdb is a debugging library with VMI support that allows one to monitor and control a whole system through multiple, coordinated targets. A target corresponds to a particular level of the system's software stack; multiple targets allow a user to observe a VM guest at several levels of abstraction simultaneously. For example, with Stackdb, one can observe a PHP script running in a Linux process in a Xen VM via three coordinated targets at the language, process, and kernel levels. The current version of Stackdb is always available from the Flux Research Group's GitLab site. We improved and maintained Stackdb throughout 2017; the last change in 2017 was published in July. Release Date: 07/2017. Inventors: Eric Eide, Mike Hibler, David Johnson. Distribution List:
  • Wingman. Wingman (previously ASM) is a kernel-focused framework for detecting and repairing anomalies within virtual appliances. It uses virtual-machine introspection (VMI) to periodically obtain a "snapshot" of the state of a virtual appliance (VA). The snapshot consists of information that is extracted from the operating system kernel that runs within the VA. The snapshot is given to an expert system that seeks to detect anomalies and, if any are found, determine an appropriate recovery strategy. The recovery strategy is carried out by recovery tools so that the VA can be restored to an acceptable state. Wingman has been shown to be effective in guarding a VA against the actions of a kernel-exploit kit, a kernel rootkit, a user-space rootkit, and an application malware. For each of these attacks, Wingman's recovery component was able to restore the VA to an acceptable state. Although Wingman's recovery actions did not remove the malicious software, they substantially mitigated the software's harmful effects. Release Date: 09/2014. Inventors: Prashanth Nayak, Mike Hibler, David Johnson, Eric Eide. Distribution List:
  • Weir. Weir is a streaming language for systems analysis. Weir is based on the insight that analysis algorithms can be naturally expressed as stream-processing pipelines. In Weir, an analysis algorithm is implemented as a graph composed of stages, where each stage operates on a stream of events that represent collected performance measurements. Weir is an imperative streaming language with a syntax designed for the convenient construction of stream pipelines that utilize composable and reusable analysis stages. We released Weir version 1.0.0 in April 2014. Release Date: 04/2014. Inventors: Anton Burtsev, Eric Eide, David Johnson, Nikhil Mishrikoti, Robert Ricci. Distribution List: