For totally serendipitous reasons,
we ended up having an amazing
monitoring capability at UCSD where
we could measure how a worm was
spreading over the Internet and look
at different DOS attacks. I started
working with Geoff Voelker and Vern
Paxson, and we did a lot of purely
technical work until about 2007.
Since then, you have taken a more
holistic approach, in which you look
beyond the technical components of
computer security to economic and social motives.
At the end of the day, the only reason
you care about security is that you actually think someone is out to get you. But
that’s not always reasonable. No one is
hacking my kid’s Barney the Dinosaur
doll; there’s no incentive. All of the conflict we have in the cyber realm is conflict that just generally exists. It’s not
like if there weren’t computers, people wouldn’t still want your money or
want to steal your intellectual property. It’s just that that’s the medium
through which they can do it in the
21st century, given that we’ve shoved a
bunch of money and valuable information online.
One of the first domains you looked
into using this lens was spam.
When we began our research, we
realized that we tend to think about
spam as a filtering problem: how do I
recognize the email that I want from
the email that I don’t want? To a certain extent that works—most of us
have a modest amount of spam, and
CONSIDER THE SPAMMER: that is what
University of California, San Diego
(UCSD) professor and this year’s
ACM-Infosys Foundation Award recipient Stefan Savage did nearly 10
years ago, when he began to expand
his research beyond the technical
aspects of network security. What
he found was not just a fascinating
glimpse into an underground community and a dynamic global marketplace; he also gained insights that led
to valuable techniques for combatting spam, reducing vulnerabilities
in automotive software, and strengthening cybersecurity.
You have spent the bulk of your career
in network security. What sparked your
When I got to UCSD, I was working on network protocols, and for a
variety of self-serving reasons, I began wondering if you could abuse
those protocols to do different kinds
of measurements. It turns out that
That is what opened your eyes?
All of this stuff presumes that everyone is well behaved, and if you’re
not, you can do all kinds of strange
things. It’s almost like those sci-fi
horror movies where you get the special glasses and you can see aliens.
You start looking at the world like an
This was during the Internet worm
outbreak era, when worms were tak-
ing over hundreds of thousands of
Stefan Savage’s innovative research has focused on strengthening
the security, privacy, and reliability of networks.
DOI: 10.1145/2968032 Leah Hoffmann
[CONTINUED ON P. 103]
“At the end of the day,
the only reason
you care about
that you actually
is out to get you.”