{"id":"https://openalex.org/W2058226530","doi":"https://doi.org/10.1145/2133601.2133605","title":"SENTINEL","display_name":"SENTINEL","publication_year":2012,"publication_date":"2012-02-07","ids":{"openalex":"https://openalex.org/W2058226530","doi":"https://doi.org/10.1145/2133601.2133605","mag":"2058226530"},"language":"en","primary_location":{"id":"doi:10.1145/2133601.2133605","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2133601.2133605","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the second ACM conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023380073","display_name":"Xiaowei Li","orcid":"https://orcid.org/0000-0002-0874-814X"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xiaowei Li","raw_affiliation_strings":["Vanderbilt University, Nashville, TN, USA"],"affiliations":[{"raw_affiliation_string":"Vanderbilt University, Nashville, TN, USA","institution_ids":["https://openalex.org/I200719446"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050604451","display_name":"Wei Yan","orcid":"https://orcid.org/0000-0002-8059-6398"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wei Yan","raw_affiliation_strings":["Vanderbilt University, Nashville, TN, USA"],"affiliations":[{"raw_affiliation_string":"Vanderbilt University, Nashville, TN, USA","institution_ids":["https://openalex.org/I200719446"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5028544932","display_name":"Yuan Xue","orcid":"https://orcid.org/0000-0002-5390-9037"},"institutions":[{"id":"https://openalex.org/I200719446","display_name":"Vanderbilt University","ror":"https://ror.org/02vm5rt34","country_code":"US","type":"education","lineage":["https://openalex.org/I200719446"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yuan Xue","raw_affiliation_strings":["Vanderbilt University, Nashville, TN, USA"],"affiliations":[{"raw_affiliation_string":"Vanderbilt University, Nashville, TN, USA","institution_ids":["https://openalex.org/I200719446"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5023380073"],"corresponding_institution_ids":["https://openalex.org/I200719446"],"apc_list":null,"apc_paid":null,"fwci":7.1055,"has_fulltext":false,"cited_by_count":22,"citation_normalized_percentile":{"value":0.96670099,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"25","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9937999844551086,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9848999977111816,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8652023077011108},{"id":"https://openalex.org/keywords/sql","display_name":"SQL","score":0.6774685978889465},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.5932367444038391},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.5671627521514893},{"id":"https://openalex.org/keywords/sql-injection","display_name":"SQL injection","score":0.5412783622741699},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5150792002677917},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5122546553611755},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.4836824834346771},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.4143449664115906},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3293517231941223},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.32151806354522705},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.2579857110977173},{"id":"https://openalex.org/keywords/query-by-example","display_name":"Query by Example","score":0.15787523984909058},{"id":"https://openalex.org/keywords/search-engine","display_name":"Search engine","score":0.13215240836143494}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8652023077011108},{"id":"https://openalex.org/C510870499","wikidata":"https://www.wikidata.org/wiki/Q47607","display_name":"SQL","level":2,"score":0.6774685978889465},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.5932367444038391},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.5671627521514893},{"id":"https://openalex.org/C150451098","wikidata":"https://www.wikidata.org/wiki/Q506059","display_name":"SQL injection","level":5,"score":0.5412783622741699},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5150792002677917},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5122546553611755},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.4836824834346771},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.4143449664115906},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3293517231941223},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.32151806354522705},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2579857110977173},{"id":"https://openalex.org/C194222762","wikidata":"https://www.wikidata.org/wiki/Q114486","display_name":"Query by Example","level":4,"score":0.15787523984909058},{"id":"https://openalex.org/C97854310","wikidata":"https://www.wikidata.org/wiki/Q19541","display_name":"Search engine","level":2,"score":0.13215240836143494},{"id":"https://openalex.org/C164120249","wikidata":"https://www.wikidata.org/wiki/Q995982","display_name":"Web search query","level":3,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2133601.2133605","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2133601.2133605","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the second ACM conference on Data and Application Security and Privacy","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7599999904632568,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W33764377","https://openalex.org/W1489243061","https://openalex.org/W1497959280","https://openalex.org/W1559255981","https://openalex.org/W1658853941","https://openalex.org/W1842818333","https://openalex.org/W1867275324","https://openalex.org/W1975428729","https://openalex.org/W1980694458","https://openalex.org/W1997389706","https://openalex.org/W2001693166","https://openalex.org/W2053103282","https://openalex.org/W2079452443","https://openalex.org/W2106353924","https://openalex.org/W2124081952","https://openalex.org/W2137223022","https://openalex.org/W2162720432","https://openalex.org/W2163345053","https://openalex.org/W2176363081","https://openalex.org/W2404990348","https://openalex.org/W2817902725","https://openalex.org/W2913701492","https://openalex.org/W3106729728","https://openalex.org/W6639212904","https://openalex.org/W6685968906"],"related_works":["https://openalex.org/W3107810407","https://openalex.org/W4298018373","https://openalex.org/W4281259734","https://openalex.org/W2571113418","https://openalex.org/W4206678297","https://openalex.org/W2359391484","https://openalex.org/W3196457791","https://openalex.org/W2133089983","https://openalex.org/W3202423697","https://openalex.org/W2159893901"],"abstract_inverted_index":{"Logic":[0],"flaws":[1,131],"within":[2],"web":[3,20,40,143],"applications":[4],"allow":[5],"the":[6,19,25,32,39,55,65,79,104,149],"attackers":[7],"to":[8,73],"disclose":[9],"or":[10],"tamper":[11],"sensitive":[12],"information":[13,77],"stored":[14],"in":[15,78],"back-end":[16],"databases,":[17],"since":[18],"application":[21,41,56,105],"usually":[22],"acts":[23],"as":[24,42,71,98,100,103,117],"single":[26],"trusted":[27],"user":[28],"that":[29,63,111,156],"interacts":[30],"with":[31],"database.":[33],"In":[34],"this":[35],"paper,":[36],"we":[37],"model":[38],"an":[43],"extended":[44],"finite":[45],"state":[46,76],"machine":[47],"and":[48,58,81,96,135,154],"present":[49],"a":[50,88,122,139],"black-box":[51],"approach":[52,153],"for":[53],"deriving":[54],"specification":[57],"detecting":[59],"malicious":[60],"SQL":[61,94,109],"queries":[62,95,110],"violate":[64,112],"specification.":[66,106],"Several":[67],"challenges":[68],"arise,":[69],"such":[70],"how":[72],"extract":[74,87],"persistent":[75],"database":[80],"infer":[82],"data":[83],"constraints.":[84],"We":[85,120],"systematically":[86],"set":[89,140],"of":[90,141,151],"invariants":[91,114],"from":[92,129],"observed":[93],"responses,":[97],"well":[99],"session":[101],"variables,":[102],"Any":[107],"suspicious":[108],"corresponding":[113],"are":[115],"identified":[116],"potential":[118],"attacks.":[119],"implement":[121],"prototype":[123],"detection":[124],"system":[125],"SENTINEL":[126],"(SEcuriNg":[127],"daTabase":[128],"logIc":[130],"iN":[132],"wEb":[133],"appLication)":[134],"evaluate":[136],"it":[137],"using":[138],"real-world":[142],"applications.":[144],"The":[145],"experiment":[146],"results":[147],"demonstrate":[148],"effectiveness":[150],"our":[152,163],"show":[155],"acceptable":[157],"performance":[158],"overhead":[159],"is":[160],"incurred":[161],"by":[162],"implementation.":[164]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":4},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2016-06-24T00:00:00"}