UC San Diego cybersecurity expert honored with ACM-Infosys Foundation Award
New York and Bangalore, India, March 30, 2016 – The Association for Computing Machinery (ACM) and the Infosys Foundation announced today that Stefan Savage, a computer scientist at the University of California, San Diego, is the recipient of the 2015 ACM-Infosys Foundation Award in the Computing Sciences.
He was cited for innovative research in network security, privacy and reliability that has taught us to view attacks and attackers as elements of an integrated technological, societal and economic system. Savage's impact on the field of network security stems from the systematic approach he takes to assessing problems and combating adversaries ranging from malicious software and computer worms to distributed attacks.
The ACM-Infosys Foundation Award recognizes the finest recent innovations by young scientists and system developers in the computing field. An endowment from the Infosys Foundation provides financial support for the $175,000 annual award. ACM will present the ACM-Infosys Foundation Award at its annual awards banquet on June 11 in San Francisco.
"Stefan's work is creative and a fantastic example of how computer science is solving societal problems that go beyond engineering and science into economics, government and public policy," said Rajesh Gupta, chair of the Department of Computer Science and Engineering at UC San Diego, where Savage is on faculty. "His pioneering work in cybersecurity is already having repercussions in sectors as disparate as automotive security, electronic voting, and black-market pharmaceuticals."
Savage's unique methodology is perhaps best exemplified in his recent work to combat unsolicited electronic messages (spam). Along with his collaborators, including Geoffrey M. Voelker from the Jacobs School of Engineering at UC San Diego and Vern Paxson at UC Berkeley, Savage designed investigations to understand how spammers make money, as well as what might be done to disrupt this fundamental incentive.
In one project, he and his colleagues infiltrated a "botnet" by which spammers sent billions of emails via infected computers and uncovered fascinating insights into the economics of spam schemes. For example, the research demonstrated that for each $100 purchase of Viagra, the spammers needed to send approximately 12,000,000 spam emails. And although this would seem to infer a poor return on investment, Savage's team determined that the spammers' low cost structure allowed them to extract a profit of $1.5 million to $2 million per year.
Having shown that spam remained profitable in spite of existing defenses, Savage's team then mounted a large-scale study to identify other bottlenecks in the spam business model that might be targeted more effectively. By tracking millions of spam emails and identifying the individual services required to monetize them – domain registrars, name servers, Web hosting services, payment processors and so on – they were able to construct a complete model of dependencies in the spam supply chain. Their work showed that of all these resources, the merchant bank accounts used to receive credit card payments were the most valuable and vulnerable to disruption. Based on these results, anti-counterfeiting organizations, brand holders and government agencies worked with Visa, MasterCard and their member banks to shutter these merchant accounts and put direct financial pressure on spammers.
In another study, Savage worked with Tadayoshi Kohno, an alumnus of his research group who is now a professor of computer science and engineering at the University of Washington, and a group of students to examine the emerging trends of computerized control and connectivity in automobiles. By seeking to analyze the security of a test automobile from many points of entry, the group found that someone without any physical access to the vehicle could exercise arbitrary control from a remote distance, including disabling the brakes, controlling the engine, tracking the vehicle and listening to conversations among passengers. Savage and the group worked closely with manufacturers to eliminate or mitigate these vulnerabilities in millions of automobiles and also helped drive international standards bodies and the National Highway Traffic Safety Administration to adopt cybersecurity as a key area of responsibility.
"Keeping networks secure is an ongoing battle," explained ACM President Alexander L. Wolf. "Coming up with a technical advancement to block an adversary is important. But, very often, the adversaries soon find new ways in. Stefan Savage has shifted thinking and prompted us to ask ourselves how we might impede the fundamental support structure of an attacker. His frameworks will continue to significantly influence network security initiatives in the coming years."
"Dr. Savage has dedicated his career to analyzing, protecting, and strengthening the systems and networks that make our digital age possible. From network congestion control, worms and malware to wireless security, his work has helped advance a wide range of areas," said Vishal Sikka, Chief Executive Officer & Managing Director of Infosys. "Dr. Savage is a true innovator, pursuing his curiosity and passion toward new frontiers in cybersecurity, and exemplifying the kind of work that the ACM-Infosys Foundation Award is proud to support."
Stefan Savage is Professor in the Computer Science and Engineering department's Systems and Networking Group at UC San Diego's Jacobs School of Engineering. He received a B.S. degree in Applied History from Carnegie Mellon University and earned a Ph.D. in Computer Science from the University of Washington.
Savage has published more than 100 peer-reviewed journal and conference papers in the wide-ranging areas of the economics of e-crime, characterizing availability, automotive systems, routing protocols, and data center virtualization.
A Sloan Fellow and an ACM Fellow, Savage is a recipient of the ACM SIGOPS Mark Weiser Award. The award is given annually to an individual who has demonstrated creativity and innovation in operating systems research. Savage is also director of the Center for Networked Systems at UC San Diego.
ACM, the Association for Computing Machinery, (http://www.acm.org) is the world's largest educational and scientific computing society, uniting computing educators, researchers and professionals to inspire dialogue, share resources and address the field's challenges. ACM strengthens the computing profession's collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.
About The Infosys Foundation
Established in 1996, the Infosys Foundation is the philanthropic arm of Infosys and has the sole objective of fulfilling the social responsibility of the company by creating opportunities and working toward a more equitable society. The Infosys Foundation has made effective strides in the areas of healthcare, education, social rehabilitation, and the arts. The company contributes up to one percent of its profit to the foundation each year.
Infosys is a global leader in consulting, technology and outsourcing and next-generation services. We enable clients, in more than 50 countries, to stay a step ahead of emerging business trends and outperform the competition. We help them transform and thrive in a changing world by co-creating breakthrough solutions that combine strategic insights and execution excellence. Visit http://www.infosys.com to see how Infosys (NYSE: INFY), with $8.25billion in annual revenues and 165,000+ employees, is helping enterprises renew themselves while also creating new avenues to generate value.