usenix conference policies
An Agenda for Empirical Cyber Crime Research
JOINT ATC, WEBAPPS, AND HOTCLOUD KEYNOTE ADDRESS
Computer security is a field that is fundamentally co-dependent—driven to respond by the actions of adversaries. This dance fuels both the research community and a multi-billion-dollar computer security industry. However, to date most efforts have focused on the technical components of this battle: identifying new vulnerabilities, exploits, and attacks, building and deploying new defenses, and so on. In this talk, I will argue for a complementary research agenda based on understanding the business models that drive today's Internet attacks, deconstructing the underlying value chain for attackers and ultimately using this information to better focus on security interventions. I will provide a rough sketch of the modern cyber-criminal ecosystem, describe its dependencies, and highlight some of the key open questions that motivate our focus. Using a range of activities, including our own completed studies, work in progress, and work in development, I'll illustrate how many of these questions can be tackled empirically. Along the way, I'll discuss the real and significant challenges in conducting this sort of research and how we address these issues in practice. Finally, I'll play pundit and predict where the greatest opportunities for impact are likely to be found.
Stefan Savage is a professor of Computer Science and Engineering at the University of California, San Diego. He received his Ph.D. in Computer Science and Engineering from the University of Washington and a B.S. in Applied History from Carnegie Mellon University. Savage's research interests lie at the intersection of distributed systems, networking, and computer security, with a current focus on embedded security and the economics of cybercrime. He currently serves as director of UCSD's Center for Network Systems (CNS) and as co-director for the Cooperative Center for Internet Epidemiology and Defenses (CCIED), a joint effort between UCSD and the International Computer Science Institute. Savage is a fairly down-to-earth guy and only writes about himself in the third person when asked.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Stefan Savage},
title = {An Agenda for Empirical Cyber Crime Research},
year = {2011},
address = {Portland, OR},
publisher = {USENIX Association},
month = jun
}
connect with us