Flux Research Group / School of Computing


Emulab Emulab

Emulab is a network testbed, giving researchers a wide range of environments in which to develop, debug, and evaluate their systems. The Emulab facility at the University of Utah has over 600 PCs, a hundred wireless devices, and dozens of switches. It is used by thousands of researchers at hundreds of institutions worldwide. The software that we built to run Emulab is open source, and is used as part of dozens of network testbeds across the globe.


ProtoGENI is an NSF-funded and GPO-funded prototype implementation and deployment of GENI, led by the Flux research group at the University of Utah, and largely based on our Emulab software.


KGPU is a GPU computing framework for the Linux kernel. It allows Linux kernel to call CUDA programs running on GPUs directly. The motivation is to augment operating systems with GPUs so that not only userspace applications but also the operating system itself can benefit from GPU acceleration.

XCap XCap

We are creating XCap, a secure environment for least-authority execution of applications and system services. Unmodified, untrusted, off-the-shelf applications, running on untrusted operating systems, are isolated by a virtual machine manager. XCap brings the power of a capability-based security system to Xen, building on two principles: strong isolation and secure collaboration.

A3 A3

The A3 project applies virtualization, record-and-replay, introspection, repair, and other techniques to develop a customizable container for “advanced adaptive applications.” The A3 container provides its protected application with both innate and adaptive defenses against security threats.

TCloud TCloud

In the TCloud project we are developing a self-defending, self-evolving, and self-accounting trustworthy cloud platform. Our approach in realizing TCloud holds to the following five tenets: defense in depth, least authority, explicit orchestration of security function, moving-target defense, and verifiable accountability.

PhantomNet PhantomNet

To enable the fundamental research and innovation demanded to advance mobile networking beyond the state-of-the-art, a new facility called PhantomNet is being developed and coupled with the Emulab testbed at the University of Utah. PhantomNet will be a fully programmable end-to-end testbed with unique features to facilitate research efforts at the intersection of mobile networking, cloud computing and software defined networking.   

We are open for business! Go here: PhantomNet Portal.

We are pleased to host the first PhantomNet User's Workshop.

Join us for a PhantomNet based totorial on "4G to 5G and beyond: From theory to practice" at IEEE CCNC 2016.

Apt Apt

Now online at aptlab.net!

Apt (the Adaptable Profile-Driven Testbed) is a new type of facility: a meta-testbed that is adaptable through "profiles” to support a wide range of computing-based research domains. Apt focuses on getting the infrastructure out of the way, giving researchers the ability to create testbed environments ("profiles") that are tailored to their own domains, and to share those environments with their colleagues. Apt targets both researchers in computer science and researchers from other compute-intensive fields.

SDN End-to-end Application Containment SDN End-to-end Application Containment

We are developing an SDN End-to-end Application Containment ArchitecTure (SeaCat).

Our approach involves extending SDN primitives into end-points, adapting existing mechanisms for end-point application containment and orchestrating the creation of these contexts based on policies associated with specific health care applications.

KnowOps: Network Management, Software Defined KnowOps: Network Management, Software Defined

Operational complexity counts among the top challenges faced by network operators. This complexity arises, in part, because of the scale and continued growth of modern networks, the inherent complexity and intricate dependencies of the protocols that these networks run, and the increased expectations of network users due to the increasing importance that network connectivity and networked services play in society.

To address these deficiencies, we propose to realize a Knowledge-Centric Software-Defined Network Management and Operations architecture (KnowOps). Our approach is knowledge-centric in that we aim to systematically capture and reason about the knowledge needed to manage and operate a network. Our approach is software-defined in that we aim to realize a management and operations framework that can easily and safely evolve together with changing networks. As such, we are applying a software-defined approach to the management and operations of all networks, including but not limited to software-defined networks.

CloudLab CloudLab

Many of the ideas that drive modern cloud computing, such as server virtualization, network slicing, and robust distributed storage, arose from the research community. Despite this success, today’s clouds have become environments that are unsuitable for moving this research agenda forward—they have particular, unmalleable implementations of these ideas “baked in.” CloudLab will not be a cloud; it will be large-scale, distributed scientific infrastructure on top of which many different clouds can be built.

Xsmith Xsmith

This project is developing new techniques for the creation of highly effective fuzz testers (fuzzers) for compilers and interpreters. Our goal is to reduce the time and human effort needed to create sophisticated fuzzers for programming language implementations. Our new techniques are being embodied in a new generator of fuzz testers, called Xsmith.

OpenEdge: Open Service Edge Network OpenEdge: Open Service Edge Network


High performance edge networks, such as fiber-to- the-premises (FTTP), are increasingly being deployed by municipalities and communities to support advanced services and applications. The complexity of operating these networks often means that their full potential is not being reached and they are relegated to being fast access pipes to the Internet. In this work we are developing a dynamic and secure open service edge network architecture, called OpenEdge. OpenEdge provides a control architecture that automates the configuration of the edge network in a cloud-like manner to simplify the introduction of new network services and applications.


CapNet: Capability Enabled Networking

CapNet, will provide a practical platform for enforcing strong isolation for scientific workflows. Fine-grained nature of CapNet provides support for the principle of least authority. Individual scientific workflows, and even their tasks will run with a minimal set of privileges required for completing their goals, but not more. The basis for CapNet’s design is (1) strong isolation of network activities with the mechanisms of software defined networks (SDN) and (2) mediation of all communication between network hosts by a capability access control model.


Deker: Decomposing Kernels for Verification Deker: Decomposing Kernels for Verification

Deker is a framework for decomposing and verifying commodity operating system kernels. Deker turns a de-facto standard commodity operating system kernel into a collection of strongly isolated subsystems suitable for verification.

SafeEdge: Public Safety with an Open Muni Network SafeEdge: Public Safety with an Open Muni Network

This project addresses the unique challenges associated with rural smart and connected cities and specifically the public safety needs of such communities. Our open access/multi-service approach will allow municipalities to deploy a variety of services, thus addressing concerns about the economic feasibility of deploying broadband services in small and rural communities, while at the same time ensuring that public safety applications can function in this environment. Our aim is that our work would serve both as a living lab in which to explore smart and connected applications for rural cities and also to serve as a model deployment for these smaller communities.

This is a collaborative project with the City of Ammon, ID.

NetSecOps : Network Security Operations NetSecOps : Network Security Operations

University campus infrastructures count among the most complex and sophisticated information technology (IT) deployments; often combining a mix of enterprise, academic, research, and healthcare environments, each having their own distinct security, privacy, and priority policies. In this project we address these challenges through a collaborative research effort, called NetSecOps (Network Security Operations), that attempts to assist IT security teams by automating many of the operational steps that are tedious, error-prone, and otherwise problematic in current campus networks.


POWDER (the Platform for Open Wireless Data-driven Experimental Research) is a facility for experimenting on the future of wireless networking in a city-scale “living laboratory.” Visit the POWDER portal.

Sharing Artifacts in a Cybersecurity Community Hub Sharing Artifacts in a Cybersecurity Community Hub

This project is creating a new, collaborative, community-driven platform for researchers in cybersecurity. The platform aims to lower the barrier to experiment sharing and reproducibility within the cybersecurity community by aiding researchers in packaging, importing, locating, understanding, and reusing experiment artifacts. The artifacts organized by the platform, including tools, methodologies, documentation, and data, can be deployed to various community testbeds for performing new experiments.