CSE Prof. Stefan Savage is the recipient of the 2015 ACM-Infosys Foundation Award in the Computing Sciences. ACM, the Association for Computing Machinery, and the Infosys Foundation cited Savage for innovative research in network security, privacy and reliability that has taught cybersecurity experts to view attacks and attackers as elements of an integrated technological, societal and economic system.
Savage is also the Co-Director of the Center for Networked Systems (CNS) at UC San Diego, and his impact on the field of network security stems from the systematic approach he takes to assessing problems and combating adversaries ranging from malicious software and computer worms to distributed attacks.
The ACM-Infosys Foundation Award recognizes the finest recent innovations by young scientists and system developers in the computing field. An endowment from the Infosys Foundation provides financial support for the $175,000 annual award. ACM will present the ACM-Infosys Foundation Award at its annual awards banquet on June 11 in San Francisco.
“Keeping networks secure is an ongoing battle,” explained ACM President Alexander L. Wolf. “Coming up with a technical advancement to block an adversary is important. But, very often, the adversaries soon find new ways in. Stefan Savage has shifted thinking and prompted us to ask ourselves how we might impede the fundamental support structure of an attacker. His frameworks will continue to significantly influence network security initiatives in coming years.”
Stefan Savage is a member of the CSE department’s Systems and Networking Group in the Jacobs School of Engineering. A Sloan Fellow and ACM Fellow, he is also a past recipient of the ACM SIGOPS Mark Weiser Award, which is given annually to an individual who has demonstrated creativity and innovation in operating systems research. Savage has published more than 100 peer-reviewed journal and conference papers in the wide-ranging areas of the economics of e-crime, characterizing availability, routing protocols, and data center virtualization.
“Stefan’s work is creative and a fantastic exemplar of how computer science is solving societal problems that go beyond engineering and science into economics, government and public policy,” said CSE Chair Rajesh Gupta. “His pioneering work in cybersecurity is already having repercussions in sectors as disparate as automotive security, electronic voting, and black-market pharmaceuticals.”
“Dr. Savage has dedicated his career to analyzing, protecting, and strengthening the systems and networks that make our digital age possible. From network congestion control, worms and malware to wireless security, his work has helped advance a wide range of areas,” said Dr. Vishal Sikka, Chief Executive Officer & Managing Director of Infosys. “Dr. Savage is a true innovator, pursuing his curiosity and passion toward new frontiers in cybersecurity, and exemplifying the kind of work that the ACM-Infosys Foundation Award is proud to support.”
Savage’s unique methodology is perhaps best exemplified in his recent work to combat unsolicited electronic messages (spam). Along with his collaborators, including professors Geoffrey M. Voelker at UC San Diego and Vern Paxson at UC Berkeley, Savage designed investigations to understand how spammers make money, as well as what might be done to disrupt this fundamental incentive. In one project, he and his colleagues infiltrated a “botnet” by which spammers sent billions of emails via infected computers, and uncovered fascinating insights into the economics of spam schemes. For example, the research demonstrated that for each $100 purchase of Viagra, the spammers needed to send approximately 12,000,000 spam emails. And although this would seem to infer a poor return on investment, Savage’s team determined that the spammers’ low cost structure allowed them to extract a profit of $1.5 – $2 million per year.
Having shown that spam remained profitable in spite of existing defenses, Savage’s team then mounted a large-scale study to identify other bottlenecks in the spam business model that might be targeted more effectively. By tracking millions of spam emails and identifying the individual services required to monetize them – domain registrars, name servers, Web hosting services, payment processors and so on – they were able to construct a complete model of dependencies in the spam supply chain. Their work showed that of all these resources, the merchant bank accounts used to receive credit card payments were the most valuable and vulnerable to disruption. Based on these results, anti-counterfeiting organizations, brand holders and government agencies worked with Visa, MasterCard and their member banks to shutter these merchant accounts and put direct financial pressure on spammers.
In another study, Savage worked with his former student at UC San Diego, Tadayoshi Kohno, now a Professor of Computer Science and Engineering at University of Washington, and a group of students to examine the emerging trends of computerized control and connectivity in automobiles. By seeking to analyze the security of a test automobile from many points of entry, the group found that someone without any physical access to the vehicle could exercise arbitrary control from a remote distance, including disabling the brakes, controlling the engine, tracking the vehicle, and listening to conversations among passengers. Savage and the group worked closely with manufacturers to eliminate or mitigate these vulnerabilities in millions of automobiles and also helped drive international standards bodies and the National Highway Traffic Safety Administration to adopt cybersecurity as a key area of responsibility.
Savage received a B.S. degree in Applied History from Carnegie Mellon University and earned a Ph.D. in Computer Science from the University of Washington.