Joint Colloquium Distinguished Lecture Series

Looking before you leap: The argument for data-driven security

Stefan Savage

Wednesday, March 14, 2012
306 Soda Hall (HP Auditorium)
4:00 - 5:00 pm

Stefan Savage
Professor, Department of Computer Science and Engineering, UC San Diego



Computer security is a field that is fundamentally co-dependent -- driven to respond by the actions of adversaries. This dance fuels both the research community and a multi-billion-dollar computer security industry. However, to date most efforts have focused on the technical components of this battle: identifying new vulnerabilities, exploits, and attacks, building and deploying new defenses, and so on. However, this focus on the "medium" of the conflict has not been matched by a similar effort to understand the underlying drivers, dependencies and motivations. In this talk, I will argue for a complementary research agenda based on understanding the social and economic forces that drive today's Internet attacks, deconstructing the underlying value chain for attackers and ultimately using this information to better focus on security interventions. I will provide a rough sketch of the modern cyber-criminal ecosystem, describe its dependencies, and highlight some of the key open questions that motivate our focus. Using the sale of counterfeit goods as a case study, I'll show that the empirical analyses of these factors are both achievable and essential for security interventions to have meaningful impact. Finally, I'll discuss the real and significant challenges in conducting this sort of research (which involves both network measurement and direct engagement with criminal enterprises) and in bringing it to appropriate stakeholders.


Stefan Savage joined the Jacobs School Computer Science and Engineering faculty in January 2001. He received his PhD from the University of Washington, where he focused on both network protocol design and operating system structuring. He was a co-founder of Seattle-based startup Asta Networks, which specialized in denial-of-service defense, and he continues to provide guidance to the public and private sectors relating to Internet security. His current interests include automated network defenses, adaptive Internet distributed storage systems and self-configuring 802.11-based wireless access networks.
