Stefan Savage

Stefan Savage (born 1969) is an American computer science researcher, currently a Professor in the Systems and Networking Group at the University of California, San Diego. Savage is widely cited in the areas of network worms and malware propagation, distributed denial of service (DDOS) mitigation and traceback, and wireless security. He received his Ph.D. from the University of Washington.^[1]

Career

In 1999, Savage's research team published TCP Congestion Control with a Misbehaving Receiver, which uncovered protocol flaws in the TCP protocol that carries most Internet traffic. By exploiting these flaws, Savage proposed means for attackers to evade congestion control, allowing attackers to monopolize crowded network connections that would otherwise be shared by multiple users. This was the first paper to address congestion control evasion as a vulnerability, rather than as a theoretical design implication. That same year, Savage published "Sting", a paper and software tool that presented a mechanism to abuse quirks in the TCP protocol to allow a single party to infer bidirectional packet loss, a valuable contribution to traffic measurement.^[2][3]

In 2000, Savage's team published Practical Network Support for IP Traceback, which proposed a simple stochastic extension to internet routers that would enable them to trace floods of traffic back to their origin. IP traceback is a major open networking research question, with significant implications towards DDOS mitigation: if IP traffic can be traced, Internet Service Providers can track down and halt DDOS floods. Savage later co-founded Asta Networks, which offered a product that addressed these problems.^[4]

In 2001, Savage, with colleagues at UCSD and CAIDA, published Inferring Internet Denial-of-Service Activity, which introduced the idea of the network telescope and provided major empirical results regarding DDOS attacks.^[5] Follow-on work has provided insight into the spread of network worms, including Code Red II and SQL Slammer.^[6]

In 2003, John Bellardo and Savage published 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions, which introduced practical attacks on 802.11 wireless protocol flaws that would allow attackers to force legitimate clients off wireless networks. The paper is also a notable example of applied reverse engineering in an academic setting; Bellardo and Savage reverse engineered the Intersil wireless chipset, finding an undocumented diagnostic mode that allowed them to directly inject malicious wireless packets onto a network.^[7]

In 2004, Savage and George Varghese led a research team that published Automated Worm Fingerprinting, which introduced a novel hashing technique that allowed network operators to monitor network traffic and uncover data patterns that were "propagating", spreading across the network at an unusual rate. Propagating traffic is a strong indicator for network worm outbreaks, a key unsolved problem in network security. Varghese later co-founded Netsift to capitalize on this research; Cisco purchased Netsift in 2005.^[8]

In 2010 he was named a Fellow of the Association for Computing Machinery.^[9]

External links

• Stefan Savage's home page at UCSD

References

1. ↑ "People To Watch: Stefan Savage", The San Diego Union Tribune, 2005 
2. ↑ http://citeseer.ist.psu.edu/savage99tcp.html>
3. ↑ Sting: a TCP-based Network Measurement Tool - Savage (ResearchIndex)
4. ↑ Practical Network Support for IP Traceback - Savage, Wetherall, Karlin, Anderson (ResearchIndex)
5. ↑ Inferring Internet Denial-of-Service Activity - Moore, Voelker, Savage (ResearchIndex)
6. ↑ Inside the slammer worm - Security & Privacy Magazine, IEEE
7. ↑ http://www.cs.ucsd.edu/~savage/papers/UsenixSec03.pdf
8. ↑ Automated Worm Fingerprinting - Singh (ResearchIndex)
9. ↑ http://www.acm.org/press-room/news-releases/2010/fellows-2010