Stefan Savage

Professor

Department of Computer Science and Engineering

University of California, San Diego


Office: EBU3B 3106
Email: savage AT cs.ucsd.edu
Mail:

UCSD Dept of CSE

9500 Gilman Drive, MC 0404,

La Jolla, CA  92093-0404

Voice (858)-822-4895
FAX (858)-534-7029
Systems and Networking Group

Security Group


Recent publications

No Privacy Among Spies: Assessing the Functionality and Insecrutiy of Consumer Android Spyware Apps, Enze Liu, Sumanth Rao, Sam Havron, Grant Ho, Stefan Savage, Geoffrey M. Voelker, and Damon McCoy, Proceedings on Privacy Enhancing Technologies Symposium, Lausanne, Switzerland, July 2023.

Retroactive Identification of Targeted DNS Infrastructure Hijacking, Gautam Akiwate, Raffaele Sommese, Mattijs Jonker, Zakir Durumeric, kc Claffy, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

Where .ru? Assessing the Impact of Conflict on Russian Domain Infrastructure, Mattijs Jonker, Gautam Akiwate, Antonia Affinito, kc Claffy, Alessio Botta, Geoffrey M. Voelker, Rolan van Rijswijk-Deij, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

Measuring UID Smuggling in the Wild, Audrey Randall, Peter Snyder, Alisha Ukani, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage, and Aaron Schulman, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

Measuring Security Practices, Louis F. DeKoven, Audrey Randall, Ariana Mirian, Gautam Akiwate, Ansel Blume, Lawrence K. Saul, Aaron Schulman, Geoffrey M. Voelker, and Stefan Savage, Communications of the Association for Computing Machinery 65(9):93-102, September 2022.

Domain Name Lifetimes: Baseline and Threats, Antonia Affinito, Raffaele Sommese, Gautam Akiwate, Stefan Savage, KC Claffy, Geoffrey M. Voelker, Alessio Botta, and Mattijs Jonker, Proceedings of Network Traffic Measurement and Analysis Conference (TMA), June 2022.

Risky BIZness: Risks Derived from Registrar Name Management, Gautam Akiwate, Stefan Savage, Geoffrey M. Voelker, and kc Claffy, Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021.

Who's Got Your Mail? Characterizing Mail Service Provider Usage, Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021.

Home is Where the Hijacking is: Understanding DNS Interception by Residential Routers, Audrey Randall, Enze Liu, Ramakrishna Padmanabhan, Gautam Akiwate, Geoffrey M. Voelker, Stefan Savage, and Aaron Schulman, Proceedings of the ACM Internet Measurement Conference (IMC), Virtual, November 2021.

Characterization of Anycast Adoption in the DNS Authoritative Infrastructure, Raffaele Sommese, Gautam Akiwate, Mattijs Jonker, Giovane C. M. Moura, Marco Davids, Roland van Rijswijk-Deij, Geoffrey M. Voelker, Stefan Savage, kc Claffy, and Anna Sperotto, Proceedings of Network Traffic Measurement and Analysis Conference (TMA), September 2021. (Best Paper).

Hopper: Modeling and Detecting Lateral Movement, Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, and David Wagner, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

Jetset: Targeted Firmware Rehosting for Embedded Systems, Evan Johnson, Maxwell Bland, Yifei Zhu, Joshua Mason, Stephen Checkoway, Stefan Savage, and Kirill Levchenko, Proceedings of the USENIX Security Symposium, Vancouver, B.C., Canada, August 2021.

CoResident Evil: Covert Communications in the Cloud with Lambdas, Anil Yelam, Ariana Mirian, Keerthana Ganesan, Shibani Subbareddy, and Stefan Savage, Proceedings of the Web Conference (WWW), Ljubljana, Solvenia, April 2021.

Clairvoyance: Inferring Blocklist Use on the Internet, Vector Guo Li, Gautam Akiwate, Kirill Levchenko, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the Passive and Active Measurement Conference (PAM), Brandenburg, Germany, March 2021.

Доверя́й, но проверя́й: SFI safety for native-compiled Wasm, Evan Johnson, David Thien, Yousef Alhessi, Shravan Narayan, Fraser Brown, Sorin Lerner, Tyler McMullen, Stefan Savage, and Deian Stefan, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2021.

Unresolved Issues: Prevalence, Persistence and Perils of Lame Nameservers, Gautam Akiwate, Raffaele Sommese, Mattijs Jonker, Ian Foster, Stefan Savage, Geoffrey M. Voelker, and kc Claffy, Proceedings of the ACM Internet Measurement Conference (IMC), Pittsburgh, Pennsylvania (via the Internet), October 2020.

Trufflehunter: Cache Sniffing Rare Domains at Large Public DNS Resolvers, Audrey Randall, Enze Liu, Gautam Akiwate, Ramakrishna Padmanabhan, Stefan Savage, Geoffrey M. Voelker, and Aaron Schulman, Proceedings of the ACM Internet Measurement Conference (IMC), Pittsburgh, Pennsylvania (via the Internet), October 2020. (IRTF Applied Networking Research Prize).

More...

Research  

I'm part of the Systems & Networking and Security research groups. My interests are all over the map, ranging from the economics of e-crime, to automotive and avaiation systems to routing protocols and data center virtualization and back again. I have very broad interests (i.e. try me if you have a crazy idea).

Students  
Enze "Alex" Liu
Ariana Miran
Audrey Randall
Evan Johnson

Gautam Akiwate (Ph.D., 2022) → Stanford postdoc
Guo "Vector" Li (Ph.D., 2020) → Google
Louis Dekoven (Ph.D., 2019) → Facebook
Wilson Lian (Ph.D., 2016) → Google
Neha Chachra (Ph.D., 2015) → Facebook
Matthew Der (Ph.D., 2015) → Notch → Capital One
Tristan Halvorson (Ph.D., 2015) → Google
Ian Foster (BS/MS, 2015) → Salesforce
He Liu (Lonnie) (Ph.D., 2015) → Google
David Wang (Ph.D, 2014) → Google → Etsy
Sarah Meiklejohn (Ph.D., 2014) → University College London
Daniel Turner (Ph.D., 2013) →TurboSquid → Shopify
Andreas Pitsillidis (Ph.D., 2013) → Google
Chris Kanich (Ph.D., 2012) → University of Illinois, Chicago
Damon McCoy (postdoc 2009-2011) → George Mason University → NYU
Marti Motoyama (Ph.D., 2011) → FitBit
Michael Vrable (Ph.D., 2011) → Google
Sushma Bannur (M.S., 2011) → Microsoft → Facebook
Kourosh Derakshan (M.S., 2011) → Qualcomm
Justin Ma (Ph.D., 2010) → Berkeley Postdoc → Google
Ge "Grace" Wang (M.S., 2010) → Qualcomm
Ryan Roemer (M.S., 2009) → Microsoft → IP Street → Curiosity Media → Formidable Labs
Kirill Levchenko (Ph.D., 2008) → UCSD Research Scientist → Illinois
David Moore (2008) → Cisco → Google
Varun Almaula (M.S., 2008) → Cisco
Yu-Chung Cheng (Ph.D., 2007) → Google
Alper Mizrak (Ph.D., 2007) → VmWare
John Bellardo (Ph.D., 2006) → Cal Poly SLO
Sumeet Singh (2006) → NetSift → Cisco → Microsoft → AppFormix
Chris Tuttle (M.S., 2006) → Google
Ishwar Ramani (M.S., 2005) → Juniper Networks → VUDU → Lab126
Ranjita Bhagwan (Ph.D., 2004) → IBM Research → Microsoft Research
Doug Brown (M.S., 2003) → NYU Law School → Asst U.S. Attorney → Chapin Fitzgerald LLP → Abelson Herron Halpern LLP
Recent teaching  
Fall 22: CSE 127 Computer Security (undergrad)
Winter 22: GPA 477 Cyber Security (grad policy course -- materials on Canvas)
Winter 22: CSE 291-6 Ransomware (grad)
Fall 21: CSE 227 Computer Security (grad)
Spring 21: GPA 477 Cyber Security (grad policy course -- materials on Canvas)
Spring 21: CSE 127 Computer Security (undergrad)
Winter 21: CSE291-C Security, Privacy and US Law (grad)
Spring 20: GPA 477 Cyber Security (grad policy course -- materials on tritonEd)
Spring 20: CSE 127 Computer Security (undergrad)
Professional Activities
ACM CCS Steering Committee, 2015-present
USENIX Enigma Steering Committee, 2016-2021
Program Co-chair, 2016 USENIX Security Symposium
Progrm Committee, 2015 ACM SIGCOMM
Program Committee, 2012 USENIX Symposium on Operating System Design and Implementation (OSDI)
Program Committee, 2011 ACM SIGCOMM Conference
Program Committee, 2011 USENIX LEET Workshop
Program Committee, 2010 USENIX Networked Systems Design and Implementation (NSDI)
Program Committee, 2010 USENIX LEET Workshop
Program Committee, 2009 ACM Symposium on Operating System Principles (SOSP)
Program Committee, 2009 IEEE Symposium on Security and Privacy
Program Co-chair, 2008 ACM SIGCOMM Conference
Steering Committee,
2008-present USENIX LEET Workshop
Program Committe, 2008 USENIX WOWCS Workshop
Member, NSF GENI Science Council, 2007-2008
Program Co-chair, 2007 ACM HotNets Workshop
Program Committee, 2007 ACM Workshop on Recurring Malcode (WORM)
Program Committee, 2007 ACM Symposium on Operating System Principles (SOSP)
Program Committee, 2007 ACM SIGCOMM Conference
Program Committee, 2006 IEEE Symposium on Security and Privacy
NRC/CSTB Study: Improving Cybersecurity Research in the United States (2004-2005)
Program Committee, 2005 USENIX Networked Systems Design and Implementation (NSDI)
Program Committee, 2005 ACM Symposium on Operating System Principles (SOSP)
Program Committee, 2004 ACM Workshop on Rapid Malcode (WORM)
Program Co-chair, 2004 USENIX/ACM Networked Systems Design and Implementation (NSDI)
Co-Organizer, 2003 DIMACS Workshop on Large-Scale Internet Attacks
Program Chair, 2003 ACM Workshop on Rapid Malcode (WORM)
Program Committee, 2003 ACM Symposium on Operating System Principles (SOSP)
Program Committee, 2003 ACM SIGCOMM Conference
Program Committee, 2003 DISCEX Conference
Program Committee, 2003 ACM HotNets Workshop
Program Committee, 2002 ACM SIGCOMM Conference
Program Committee, 2001 Global Internet Symposium
Internet2 Network Research Liason Council, 2002-2004.
CSTB Research Horizons: Networking Research Workshop, 2001
DARPA ISAT Member, 2001-2004.
Misc

I got my undergrad degree in Applied History from CMU and my Ph.D. from the University of Washington (courtesy Brian Bershad and Tom Anderson). I was Co-founder and Chief Scientist at Asta Networks (now kaput), served on the Strategy Advisory Council of Rendition Networks (since acquired by OpsWare) and helped develop some of the technology used by Netsift (since acquired by Cisco). I do other consulting here and there.