The award recognizes individuals whose work has demonstrated exceptional creativity; promise for important future advances based on a track record of significant accomplishments, and potential for the fellowship to facilitate subsequent creative work.
Savage is being recognized for “identifying and addressing the technological, economic and social vulnerabilities underlying internet security challenges and cybercrime.” “This award recognizes the creative and innovative research Stefan has been conducting since he joined the faculty here at UC San Diego 17 years ago,” said Chancellor Pradeep K. Khosla. “His work has had a tremendous impact on disrupting cybercriminal networks and on raising awareness about how vulnerable cars can be to cybersecurity threats. Stefan exemplifies UC San Diego's culture of innovation that is positively impacting our global society.”
Savage has been on the faculty of the UC San Diego Jacobs School of Engineering since 2000. He is a professor in the Department of Computer Science and Engineering and has held the Irwin Mark and Joan Klein Jacobs Chair in Information and Computer Science since 2016.
He found out that he received the award in a somewhat unusual way. The MacArthur Foundation had been trying to reach him by phone repeatedly. But Savage had not picked up because he didn’t recognize the number the calls were coming from. Ever the security expert, he eventually looked up the number and found that it was associated with the foundation. He called back. He then had to prove who he was before foundation representatives gave him the good news.
“I was in total shock,” he said in a phone interview. At this point, he hasn’t formulated a plan to spend the funds, he added.
“It’s wonderful to see Stefan Savage being recognized for his boundary-breaking research. Stefan is an outstanding scholar, teacher and mentor. In addition, he embraces the hard work necessary to ensure that his teams’ security research makes real and lasting impacts on society,” said Albert P. Pisano, dean of the Jacobs School of Engineering.
The award recognizes three major research directions that have driven Savage’s work in the past two decades: understanding how cars are vulnerable to hacking; investigating the world of cybercrime and its economics, and creating new strategies to defend against malware.
Cybersecurity in cars
In 2010, Savage and colleagues were the first to demonstrate the ability to hack an automobile remotely—including taking control over the engine and brakes and monitoring conversations taking place within the car. In addition to working with car manufacturers to mitigate the immediate security threats, Savage and collaborators have also investigated how the idiosyncrasies of the automobile sector’s supply chains give rise to compromised car software—and make it harder to fix that software. Savage has advocated for better regulation of Internet-connected devices in cars, in order to create built-in defenses against hacking within these systems. Since then, the growing prevalence of physical “smart” devices in our lives has made network cybersecurity an increasingly urgent priority.
The economics of cybercrime
Savage is the lead researcher on a five-year, $10 million grant from the National Science Foundation to map out illicit activities taking place in the cybersecurity underworld and to understand how the mind of a cybercriminal works.
“Fighting cyber threats requires more than just understanding technologies and the risks they’re associated with; it requires understanding human nature,” Savage explained when the grant was awarded in 2012. “At its heart, cybersecurity is a human issue. It’s about conflict, and computers are merely the medium where this conflict takes place.”
He and colleagues were able to identify a critical bottleneck for spam email campaigns and online counterfeit goods transactions: only a few banks accept the credit card transactions necessary for these online ventures to monetize their activities. These findings allowed the drug and credit card companies to disrupt the business models of several counterfeit drug rings to such an extent that they collapsed.
Defenses against malware and distributed denial of service attacks
Denial-of-service attacks disable servers linked to the Internet by overloading them with messages, which usually contain false source addresses ('spoofing') to conceal the location of the attacker. UC San Diego researchers, including Savage and fellow computer science professor Geoff Voelker, were early pioneers in studying this phenomenon. They used key features of those forged signatures to detect and track the attacks.
A 2001 study co-authored by Savage and Voelker with then Ph.D. student David Moore found that some attacks flooded their targets with “instantaneous loads” peaking at 600,000 message packets per second – crippling the infrastructure. This remains a current problem, as these attacks have crippled even the likes of Google and Amazon in recent years, topping at a reported 1.1 terabits per second in 2016. The 2001 study’s relevance today was demonstrated when it received the 2017 USENIX Security Test of Time Award this summer.
In addition, to impede the spread of fast-acting worms, which can quickly compromise an entire computer network, Savage, colleagues and students devised a method for automatically measuring unusual data patterns and identifying worm signatures (or recurring strings of code) across a network.