{"id":"https://openalex.org/W2037786632","doi":"https://doi.org/10.1145/1698750.1698754","title":"CANDID","display_name":"CANDID","publication_year":2010,"publication_date":"2010-02-01","ids":{"openalex":"https://openalex.org/W2037786632","doi":"https://doi.org/10.1145/1698750.1698754","mag":"2037786632"},"language":"en","primary_location":{"id":"doi:10.1145/1698750.1698754","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1698750.1698754","pdf_url":null,"source":{"id":"https://openalex.org/S2642811","display_name":"ACM Transactions on Information and System Security","issn_l":"1094-9224","issn":["1094-9224","1557-7406"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Information and System Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103411742","display_name":"Prithvi Bisht","orcid":null},"institutions":[{"id":"https://openalex.org/I39422238","display_name":"University of Illinois Chicago","ror":"https://ror.org/02mpq6x41","country_code":"US","type":"education","lineage":["https://openalex.org/I39422238"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Prithvi Bisht","raw_affiliation_strings":["University of Illinois, Chicago"],"affiliations":[{"raw_affiliation_string":"University of Illinois, Chicago","institution_ids":["https://openalex.org/I39422238"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112870293","display_name":"P. Madhusudan","orcid":null},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"P. Madhusudan","raw_affiliation_strings":["University of Illinois, Urbana-Champaign","University of Illinois Urbana Champaign > > > >"],"affiliations":[{"raw_affiliation_string":"University of Illinois, Urbana-Champaign","institution_ids":["https://openalex.org/I157725225"]},{"raw_affiliation_string":"University of Illinois Urbana Champaign > > > >","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058117020","display_name":"V. N. Venkatakrishnan","orcid":"https://orcid.org/0000-0002-1690-9185"},"institutions":[{"id":"https://openalex.org/I39422238","display_name":"University of Illinois Chicago","ror":"https://ror.org/02mpq6x41","country_code":"US","type":"education","lineage":["https://openalex.org/I39422238"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"V. N. Venkatakrishnan","raw_affiliation_strings":["University of Illinois, Chicago"],"affiliations":[{"raw_affiliation_string":"University of Illinois, Chicago","institution_ids":["https://openalex.org/I39422238"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5103411742"],"corresponding_institution_ids":["https://openalex.org/I39422238"],"apc_list":null,"apc_paid":null,"fwci":33.9916,"has_fulltext":false,"cited_by_count":167,"citation_normalized_percentile":{"value":0.99626481,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"13","issue":"2","first_page":"1","last_page":"39"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10478","display_name":"Diamond and Carbon-based Materials Research","score":0.9682000279426575,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.9111161828041077},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.8943545818328857},{"id":"https://openalex.org/keywords/sql","display_name":"SQL","score":0.7216503024101257},{"id":"https://openalex.org/keywords/programmer","display_name":"Programmer","score":0.6921626329421997},{"id":"https://openalex.org/keywords/stored-procedure","display_name":"Stored procedure","score":0.5825207233428955},{"id":"https://openalex.org/keywords/java","display_name":"Java","score":0.5500109791755676},{"id":"https://openalex.org/keywords/pl/sql","display_name":"PL/SQL","score":0.5302006006240845},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.45780253410339355},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.4419286549091339},{"id":"https://openalex.org/keywords/query-by-example","display_name":"Query by Example","score":0.4258395731449127},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.363932728767395},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.23610147833824158},{"id":"https://openalex.org/keywords/web-search-query","display_name":"Web search query","score":0.20818394422531128},{"id":"https://openalex.org/keywords/search-engine","display_name":"Search engine","score":0.12006711959838867}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9111161828041077},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.8943545818328857},{"id":"https://openalex.org/C510870499","wikidata":"https://www.wikidata.org/wiki/Q47607","display_name":"SQL","level":2,"score":0.7216503024101257},{"id":"https://openalex.org/C2778514511","wikidata":"https://www.wikidata.org/wiki/Q1374194","display_name":"Programmer","level":2,"score":0.6921626329421997},{"id":"https://openalex.org/C154420247","wikidata":"https://www.wikidata.org/wiki/Q846619","display_name":"Stored procedure","level":5,"score":0.5825207233428955},{"id":"https://openalex.org/C548217200","wikidata":"https://www.wikidata.org/wiki/Q251","display_name":"Java","level":2,"score":0.5500109791755676},{"id":"https://openalex.org/C32145003","wikidata":"https://www.wikidata.org/wiki/Q47607","display_name":"PL/SQL","level":5,"score":0.5302006006240845},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.45780253410339355},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.4419286549091339},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.4258395731449127},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.363932728767395},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.23610147833824158},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.20818394422531128},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.12006711959838867}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1698750.1698754","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1698750.1698754","pdf_url":null,"source":{"id":"https://openalex.org/S2642811","display_name":"ACM Transactions on Information and System Security","issn_l":"1094-9224","issn":["1094-9224","1557-7406"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Information and System Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6299999952316284}],"awards":[{"id":"https://openalex.org/G7143248638","display_name":null,"funder_award_id":"CNS-0716584CNS-0551660CCF-0747041","funder_id":"https://openalex.org/F4320337388","funder_display_name":"Division of Computer and Network Systems"},{"id":"https://openalex.org/G8121459151","display_name":null,"funder_award_id":"CNS-0716584CNS-0551660CCF-0747041","funder_id":"https://openalex.org/F4320337387","funder_display_name":"Division of Computing and Communication Foundations"}],"funders":[{"id":"https://openalex.org/F4320337387","display_name":"Division of Computing and Communication Foundations","ror":"https://ror.org/01mng8331"},{"id":"https://openalex.org/F4320337388","display_name":"Division of Computer and Network Systems","ror":"https://ror.org/02rdzmk74"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W23242426","https://openalex.org/W39524137","https://openalex.org/W87331621","https://openalex.org/W109951691","https://openalex.org/W1505465226","https://openalex.org/W1511560695","https://openalex.org/W1561387739","https://openalex.org/W1582331515","https://openalex.org/W1598083179","https://openalex.org/W1648477960","https://openalex.org/W1658853941","https://openalex.org/W1975428729","https://openalex.org/W1997389706","https://openalex.org/W2001693166","https://openalex.org/W2008158744","https://openalex.org/W2008857097","https://openalex.org/W2032852944","https://openalex.org/W2080696000","https://openalex.org/W2081048703","https://openalex.org/W2113531724","https://openalex.org/W2119467398","https://openalex.org/W2122049982","https://openalex.org/W2134296086","https://openalex.org/W2144696387","https://openalex.org/W2147478478","https://openalex.org/W2156841542","https://openalex.org/W2295399529","https://openalex.org/W4241531852","https://openalex.org/W6603524715"],"related_works":["https://openalex.org/W151073879","https://openalex.org/W2359391484","https://openalex.org/W2463360381","https://openalex.org/W203994246","https://openalex.org/W3028718318","https://openalex.org/W99652509","https://openalex.org/W2487927454","https://openalex.org/W1121352735","https://openalex.org/W2037786632","https://openalex.org/W3021216941"],"abstract_inverted_index":{"SQL":[0,34,57,65,82,175],"injection":[1,58,66,83,176],"attacks":[2,16,67,97],"are":[3,17],"one":[4],"of":[5,64,75,104],"the":[6,13,72,88,102,105,146],"top-most":[7],"threats":[8],"for":[9,12,46,80,118],"applications":[10,26,50,167,191],"written":[11,168],"Web.":[14],"These":[15],"launched":[18],"through":[19],"specially":[20],"crafted":[21],"user":[22],"inputs,":[23],"on":[24,92,140,150],"Web":[25,49,166],"that":[27,69,164,200,202],"use":[28],"low-level":[29],"string":[30],"operations":[31],"to":[32,51,85,171],"construct":[33],"queries.":[35],"In":[36],"this":[37],"work,":[38],"we":[39],"exhibit":[40],"a":[41,111,151,160,185],"novel":[42,114],"and":[43,95,113,137],"powerful":[44],"scheme":[45],"automatically":[47],"transforming":[48],"render":[52],"them":[53,173],"safe":[54],"against":[55,101,174],"all":[56],"attacks.":[59,177],"A":[60],"characteristic":[61],"diagnostic":[62],"feature":[63],"is":[68,84,133,138],"they":[70],"change":[71],"intended":[73,121,142],"structure":[74,91,103],"queries":[76,122,143],"issued.":[77,108],"Our":[78,154],"technique":[79],"detecting":[81],"dynamically":[86,124],"mine":[87],"programmer-intended":[89],"query":[90,107,148],"any":[93],"input,":[94],"detect":[96],"by":[98,123,144,183],"comparing":[99],"it":[100],"actual":[106],"We":[109,178,195],"propose":[110],"simple":[112],"mechanism,":[115],"called":[116,162],"Candid,":[117],"mining":[119],"programmer":[120],"evaluating":[125],"runs":[126],"over":[127],"benign":[128],"candidate":[129],"inputs.":[130],"This":[131],"mechanism":[132],"theoretically":[134],"well":[135,207],"founded":[136],"based":[139],"inferring":[141],"considering":[145],"symbolic":[147],"computed":[149],"program":[152],"run.":[153],"approach":[155,204],"has":[156],"been":[157],"implemented":[158,181],"in":[159,169,208],"tool":[161],"Candid":[163,182],"retrofits":[165],"Java":[170,186],"defend":[172],"have":[179],"also":[180],"modifying":[184],"Virtual":[187],"Machine,":[188],"which":[189],"safeguards":[190],"without":[192],"requiring":[193],"retrofitting.":[194],"report":[196],"extensive":[197],"experimental":[198],"results":[199],"show":[201],"our":[203],"performs":[205],"remarkably":[206],"practice.":[209]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":8},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":12},{"year":2019,"cited_by_count":8},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":9},{"year":2016,"cited_by_count":24},{"year":2015,"cited_by_count":14},{"year":2014,"cited_by_count":12},{"year":2013,"cited_by_count":18},{"year":2012,"cited_by_count":16}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2016-06-24T00:00:00"}