Why the hard problem of computer security needs the soft sciences
Computer security is a field that is fundamentally co-dependentdriven to respond by the actions of adversaries. This dance fuels both the research community and a multi-billion-dollar computer security industry. However, to date most efforts have focused on the technical components of this battle: identifying new vulnerabilities, exploits, and attacks, building and deploying new defenses, and so on. However, this focus on the "medium" of the conflict has not been matched by a similar effort to understand the underlying drivers, dependencies and motivations. In this talk, I will argue that there is a critical, yet underserved, research agenda focusing on the social and economic forces that drive and structure online attacks. Using the sale of counterfeit goods as a case study, I will show that the empirical analyses of these factors are both achievable and essential for security interventions to have meaningful impact. Finally, I'll discuss the significant challenges in conducting this sort of research (which involves both network measurement and direct engagement with criminal enterprises) and bringing the results to appropriate stakeholders.
Stefan Savage is a professor of Computer Science and Engineering at the University of California, San Diego. He received his Ph.D. in Computer Science and Engineering from the University of Washington and a B.S. in Applied History from Carnegie Mellon University. Savage's research interests lie at the intersection of distributed systems, networking, and computer security, with a current focus on embedded security and the economics of cybercrime. He currently serves as director of UCSD's Center for Network Systems (CNS) and as co-director for the Cooperative Center for Internet Epidemiology and Defenses (CCIED), a joint effort between UCSD and the International Computer Science Institute. Savage is a fairly down-to-earth guy and only writes about himself in the third person when asked.