UC San Diego Cybersecurity Expert Honored for Innovative Research

Article Content

Stefan Savage received the 2015 ACM-Infosys Foundation Award in the Computing Sciences.

New York and Bangalore, India, March 30, 2016 – The Association for Computing Machinery (ACM) and the Infosys Foundation announced today that Stefan Savage, a computer scientist at the University of California, San Diego, is the recipient of the 2015 ACM-Infosys Foundation Award in the Computing Sciences.

He was cited for innovative research in network security, privacy and reliability that has taught us to view attacks and attackers as elements of an integrated technological, societal and economic system. Savage’s impact on the field of network security stems from the systematic approach he takes to assessing problems and combating adversaries ranging from malicious software and computer worms to distributed attacks.

The ACM-Infosys Foundation Award recognizes the finest recent innovations by young scientists and system developers in the computing field. An endowment from the Infosys Foundation provides financial support for the $175,000 annual award. ACM will present the ACM-Infosys Foundation Award at its annual awards banquet on June 11 in San Francisco.

"Stefan's work is creative and a fantastic example of how computer science is solving societal problems that go beyond engineering and science into economics, government and public policy," said Rajesh Gupta, chair of the Department of Computer Science and Engineering at UC San Diego, where Savage is on faculty. "His pioneering work in cybersecurity is already having repercussions in sectors as disparate as automotive security, electronic voting, and black-market pharmaceuticals."

Savage’s unique methodology is perhaps best exemplified in his recent work to combat unsolicited electronic messages (spam). Along with his collaborators, including Geoffrey M. Voelker from the Jacobs School of Engineering at UC San Diego and Vern Paxson at UC Berkeley, Savage designed investigations to understand how spammers make money, as well as what might be done to disrupt this fundamental incentive.

In one project, he and his colleagues infiltrated a “botnet” by which spammers sent billions of emails via infected computers and uncovered fascinating insights into the economics of spam schemes. For example, the research demonstrated that for each $100 purchase of Viagra, the spammers needed to send approximately 12,000,000 spam emails. And although this would seem to infer a poor return on investment, Savage’s team determined that the spammers’ low cost structure allowed them to extract a profit of $1.5 million to $2 million per year.

Having shown that spam remained profitable in spite of existing defenses, Savage’s team then mounted a large-scale study to identify other bottlenecks in the spam business model that might be targeted more effectively. By tracking millions of spam emails and identifying the individual services required to monetize them – domain registrars, name servers, Web hosting services, payment processors and so on – they were able to construct a complete model of dependencies in the spam supply chain. Their work showed that of all these resources, the merchant bank accounts used to receive credit card payments were the most valuable and vulnerable to disruption. Based on these results, anti-counterfeiting organizations, brand holders and government agencies worked with Visa, MasterCard and their member banks to shutter these merchant accounts and put direct financial pressure on spammers.

In another study, Savage worked with Tadayoshi Kohno, an alumnus of his research group who is now a professor of computer science and engineering at the University of Washington, and a group of students to examine the emerging trends of computerized control and connectivity in automobiles. By seeking to analyze the security of a test automobile from many points of entry, the group found that someone without any physical access to the vehicle could exercise arbitrary control from a remote distance, including disabling the brakes, controlling the engine, tracking the vehicle and listening to conversations among passengers. Savage and the group worked closely with manufacturers to eliminate or mitigate these vulnerabilities in millions of automobiles and also helped drive international standards bodies and the National Highway Traffic Safety Administration to adopt cybersecurity as a key area of responsibility.

“Keeping networks secure is an ongoing battle,” explained ACM President Alexander L. Wolf. “Coming up with a technical advancement to block an adversary is important. But, very often, the adversaries soon find new ways in. Stefan Savage has shifted thinking and prompted us to ask ourselves how we might impede the fundamental support structure of an attacker. His frameworks will continue to significantly influence network security initiatives in the coming years.”

“Dr. Savage has dedicated his career to analyzing, protecting, and strengthening the systems and networks that make our digital age possible. From network congestion control, worms and malware to wireless security, his work has helped advance a wide range of areas,” said Vishal Sikka, Chief Executive Officer & Managing Director of Infosys. “Dr. Savage is a true innovator, pursuing his curiosity and passion toward new frontiers in cybersecurity, and exemplifying the kind of work that the ACM-Infosys Foundation Award is proud to support.”