Kapil Kumar Singh 
PhD, Computer Science
 

E-mail:
Address: College of Computing,
              Georgia Institute of Technology,
              266 Ferst Drive, Atlanta, GA 30332
              USA


CV:


Update: I have joined IBM Research T. J. Watson as Research Staff Member in July 2011. I am no longer maintaining this page. Please visit my new webpage here.

B.Tech., Indian Institute of Technology (IIT), Roorkee, India (1997 - 2001); Senior Software Engineer, Hughes Software Systems, India (2001 - 2003); M.Sc., University of British Columbia (2003 - 2005); Ph.D., Georgia Institute of Technology (2005 - 2011).

About Me

I was a PhD candidate in the College of Computing at Georgia Institute of Technology working with Prof. Wenke Lee. I was affiliated with Georgia Tech Information Security Center (GTISC). I completed my Master's in the Department of Computer Science at the University of British Columbia. I was part of the Distributed Systems group working with Prof. Norman Hutchinson. I did my Bachelor's in Computer Science and Technology in the Department of Electronics and Computer Engineering at the Indian Institute of Technology, Roorkee, India.

Research Interests

My current research focuses on web security and privacy, with a special focus on the design and evaluation of effective web security policies and robust web system designs. I also have research interest in the analysis of botnet architectures and in developing techniques to detect and remediate this form of malware. I am broadly interested in solving any challenging problem in the area of computer and networked systems security.

Publications

  1. Kapil Singh, Helen J. Wang, Alexander Moshchuk, Collin Jackson and Wenke Lee, "HTTPi for Practical End-to-End Web Content Integrity". Technical Report MSR-TR-2011-63, Microsoft Research, Redmond, April 2011.

  2. Chaitrali Amrutkar, Kapil Singh, Arunabh Verma and Patrick Traynor, "On the Disparity of Display Security in Mobile and Traditional Web Browsers". Technical Report GT-CS-11-02, Georgia Institute of Technology, Atlanta, January 2011.

  3. Kapil Singh, Ikpeme Erete and Wenke Lee, "I Own, I Provide, I Decide: Generalized User-Centric Access Control Framework for Web Applications". Technical Report GT-CS-10-22, Georgia Institute of Technology, Atlanta, December 2010.

  4. Kapil Singh, Samrit Sangal, Nehil Jain, Patrick Traynor and Wenke Lee, "Evaluating Bluetooth as a Medium for Botnet Command and Control". Proceedings of 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Bonn, Germany, July 2010. [pdf]

  5. Kapil Singh, Alexander Moshchuk, Helen J. Wang and Wenke Lee, "On the Incoherencies in Web Browser Access Control Policies". Proceedings of 31st IEEE Symposium on Security and Privacy (Oakland), Oakland, CA, May 2010. [pdf]

  6. Kapil Singh, Sumeer Bhola and Wenke Lee, "xBook: Redesigning Privacy Control in Social Networking Platforms". Proceedings of 18th USENIX Security Symposium, Montreal, Canada, August 2009. [pdf]

  7. Kapil Singh and Wenke Lee, "On the Design of a Web Browser: Lessons learned from Operating Systems". Workshop on Web 2.0 Security and Privacy (W2SP), Oakland, USA, May 2008. [pdf]

  8. Kapil Singh, Abhinav Srivastava, Jonathon Giffin and Wenke Lee, "Evaluating Email's Feasibility for Botnet Command and Control". Proceedings of 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Anchorage, USA, June 2008. [pdf]

  9. Abhinav Srivastava, Kapil Singh and Jonathon Giffin, "Secure Observation of Kernel Behavior". Technical Report GT-CS-08-01, Georgia Institute of Technology, Atlanta, 2008. [pdf]

  10. Monirul Sharif, Kapil Singh, Jonathon Giffin and Wenke Lee, "Understanding Precision in Host-based Intrusion Detection: Formal Analysis and Practical Models". Proceedings of RAID 2007 - Recent Advances in Intrusion Detection, Surfers Paradise, Australia, September 2007. [pdf]

  11. Son Vuong and Kapil Singh, Chapter on VoIP Security. Network Security: Current Status and Future Directions, IEEE Press, Wiley Publications, 2007.

  12. Kapil Singh and Norman C. Hutchinson, "A Trust-based model for Collaborative Intrusion Response". 6th Symposium on Operating Systems Design and Implementation (OSDI'04), WIP session, San Francisco, USA, December 2004. [pdf]

  13. Kapil Singh and Norman C. Hutchinson, "A Trust-based model for Collaborative Intrusion Response". Technical Report TR-2005-16, University of British Columbia, Canada, 2005.

  14. Kapil Singh and Son Vuong, "Blaze: A Mobile Agent Paradigm for VoIP Intrusion Detection Systems". Proceedings of ICETE 2004 - International Conference on E-Business and Telecommunication Networks, Setubal, Portugal, August 2004. [pdf]

  15. Ken Deeter, Kapil Singh, Luca Fillipozzi, Steve Wilson and Son Vuong, "Aphids: A Mobile Agent-based Programmable Hybrid Intrusion Detection System". Proceedings of MATA 2004 - Workshop on Mobile Aware Technologies and Applications (Formerly Mobile Agents for Telecommunication Applications), Florianopolis, Brazil, October 2004. [pdf]

  16. Kapil Singh and Pawan Agarwal, "Pricing the Internet - An Approach to Relieve Congestion. Analysis of various Pricing Schemes", iNFLUX 2000, Roorkee, India, 2000. [Synopsis]

Education

Ph.D. Computer Science
Georgia Institute of Technology, Atlanta, USA
GPA - 4.0/4.0

M.Sc. Computer Science
University of British Columbia, Vancouver, Canada
GPA - 4.0/4.0

B.Tech. Computer Science and Technology
Indian Institute of Technology (IIT), Roorkee, India
Aggregate - 82% with honors

Professional Experience

Microsoft Research, Redmond (Research Intern) [May 2009 - August 2010]
Studied the current state of access control policies that browsers use to share resources among their web site principals. We analyzed three major access control flaws: (1) principal labeling is different for different resources, raising problems when resources interplay, (2) runtime changes to principal identities are handled inconsistently, and (3) browsers mismanage resources belonging to the user principal. We showed that such mishandling of principals leads to many access control incoherencies, presenting hurdles for construction of secure web applications. Another unique contribution of this work is to identify the compatibility cost of removing these unsafe policies from the current web. To do this, we built a crawler-based browser policy measurement framework and used it to analyze unsafe features used by 100,000 popular web sites.
More details to be added.

IBM Research T. J. Watson (Research Intern) [May 2008 - August 2008]
Designed and implemented a novel framework for building social networks that provides privacy control for data sharing with third party applications. We used information flow models to control what untrusted applications can do with the information they receive. We showed the viability of our design by means of a platform prototype and also developed some sample applications using the platform APIs. We are in the process of patenting and publishing this work.

IBM Research T. J. Watson (Research Intern) [May 2007 - August 2007]
Development of heuristics and mechanisms to detect P2P botnets, analyzing their traffic characteristics to differentiate P2P botnets from normal P2P networks. We developed network-based heuristics without relying on packet payload.

Damballa Inc., Atlanta (Research Intern) [May 2006 - August 2006]
Development of heuristics and mechanisms to detect IRC-based botnets, analyzing their characteristics and enumerating the victim machines. My responsibilities include development of the detection tool and streamlining the process of botnet detection with victim enumeration. I also developed heuristics for botnet detection in the absence of any bot binary analysis.

Hughes Software Systems (Senior Software Engineer) [June 2001 - July 2003]
I was involved in a wide range of telecommunication projects, the major one being SPACEWAY, the next-generation satellite network developed for Hughes Network Systems, USA in sequence to its popular DirecTV/DirecPC network. [Details]

Honors and Awards

  • International Partial Tuition Scholarship, University of British Columbia, 2003-05.
  • University Merit Scholarship for academic excellence, IIT Roorkee, 1997-2001.
  • Gold Medal for highest marks in Economics and Management during undergraduate study.
  • National Talent Search Examination (NTSE) Scholarship awarded by the National Council of Educational Research and Training, India to the top 1% of approximately 50,000 candidates.

Past Projects

  • Anonymous Peer-to-Peer File Sharing System     [Abstract]
  • Hybrid Profiling Strategy for Intrusion Detection     [Abstract]
  • APHIDS: Agent-based Programmable Hybrid Intrusion Detection System     [Abstract]
  • Intrusion Detection and Analysis     [Abstract]
  • An Efficient Implementation of VoIP on Linux Platform (Undergraduate Thesis)     [Abstract]
  • Compact Binary Encoding of a WML document     [Abstract]

Curriculum Vitae

Detailed (HTML)

Affiliated Web Page(s)

Personal Web Page