Stefan Savage

Stefan Savage (born 1969) is an American computer science researcher, currently an Associate Professor in the Systems and Networking Group at the University of California San Diego. Savage is widely-cited in the areas of network worms and malware propagation, distributed denial of service (DDOS) mitigation and traceback, and wireless security. He received his Ph.D. from the University of Washington. [Citation
newspaper=The San Diego Union Tribune
title=People To Watch: Stefan Savage
year=2005
url=http://lazowska.cs.washington.edu/savage.htm]

In 1999, Savage's research team published "TCP Congestion Control with a Misbehaving Receiver", which uncovered protocol flaws in the TCP protocol that carries most Internet traffic. By exploiting these flaws, Savage proposed means for attackers to evade congestion control, allowing attackers to monopolize crowded network connections that would otherwise be shared by multiple users. This was the first paper to address congestion control evasion as a vulnerability, rather than as a theoretical design implication. That same year, Savage published "Sting", a paper and software tool that presented a mechanism to abuse quirks in the TCP protocol to allow a single party to infer bidirectional packet loss, a valuable contribution to traffic measurement. [http://citeseer.ist.psu.edu/savage99tcp.html>] [ [http://citeseer.ist.psu.edu/savage99sting.html Sting: a TCP-based Network Measurement Tool - Savage (ResearchIndex) ] ]

In 2000, Savage's team published "Practical Network Support for IP Traceback", which proposed a simple stochastic extension to internet routers that would enable them to trace floods of traffic back to their origin. IP traceback is a major open networking research question, with significant implications towards DDOS mitigation: if IP traffic can be traced, Internet Service Providers can track down and halt DDOS floods. Savage later co-founded Asta Networks, which offered a product that addressed these problems. [ [http://citeseer.ist.psu.edu/savage00practical.html Practical Network Support for IP Traceback - Savage, Wetherall, Karlin, Anderson (ResearchIndex) ] ]

In 2001, Savage, with colleagues at UCSD and CAIDA, published "Inferring Internet Denial-of-Service Activity", which introduced the idea of the network telescope and provided major empirical results regarding DDOS attacks. [ [http://citeseer.ist.psu.edu/moore01inferring.html Inferring Internet Denial-of-Service Activity - Moore, Voelker, Savage (ResearchIndex) ] ] Follow-on work has provided insight into the spread of network worms, including Code Red II and Slammer. [ [http://www-cse.ucsd.edu/~savage/papers/IEEESP03.pdf Inside the slammer worm - Security & Privacy Magazine, IEEE ] ]

In 2003, John Bellardo and Savage published "802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions", which introduced practical attacks on 802.11 wireless protocol flaws that would allow attackers to force legitimate clients off wireless networks. The paper is also a notable example of applied reverse engineering in an academic setting; Bellardo and Savage reverse engineered the Intersil wireless chipset, finding an undocumented diagnostic mode that allowed them to directly inject malicious wireless packets onto a network. [http://www.cs.ucsd.edu/~savage/papers/UsenixSec03.pdf]

In 2004, Savage and George Varghese led a research team that published "Automated Worm Fingerprinting", which introduced a novel hashing technique that allowed network operators to monitor network traffic and uncover data patterns that were "propagating", spreading across the network at an unusual rate. Propagating traffic is a strong indicator for network worm outbreaks, a key unsolved problem in network security. Varghese later co-founded Netsift to capitalize on this research; Cisco purchased Netsift in 2005. [ [http://citeseer.ist.psu.edu/singh04automated.html Automated Worm Fingerprinting - Singh (ResearchIndex) ] ]

External links

* [http://www.cs.ucsd.edu/~savage/ Stefan Savage's home page at UCSD]

References