{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T22:12:32Z","timestamp":1770070352373,"version":"3.49.0"},"reference-count":32,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2010,2,1]],"date-time":"2010-02-01T00:00:00Z","timestamp":1264982400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-0716584CNS-0551660CCF-0747041"],"award-info":[{"award-number":["CNS-0716584CNS-0551660CCF-0747041"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000143","name":"Division of Computing and Communication Foundations","doi-asserted-by":"publisher","award":["CNS-0716584CNS-0551660CCF-0747041"],"award-info":[{"award-number":["CNS-0716584CNS-0551660CCF-0747041"]}],"id":[{"id":"10.13039\/100000143","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2010,2]]},"abstract":"<jats:p>SQL injection attacks are one of the top-most threats for applications written for the Web. These attacks are launched through specially crafted user inputs, on Web applications that use low-level string operations to construct SQL queries. In this work, we exhibit a novel and powerful scheme for automatically transforming Web applications to render them safe against all SQL injection attacks.<\/jats:p>\n          <jats:p>A characteristic diagnostic feature of SQL injection attacks is that they change the intended structure of queries issued. 
Our technique for detecting SQL injection is to dynamically mine the programmer-intended query structure on any input, and detect attacks by comparing it against the structure of the actual query issued. We propose a simple and novel mechanism, called Candid, for mining programmer intended queries by dynamically evaluating runs over benign candidate inputs. This mechanism is theoretically well founded and is based on inferring intended queries by considering the symbolic query computed on a program run. Our approach has been implemented in a tool called Candid that retrofits Web applications written in Java to defend them against SQL injection attacks. We have also implemented Candid by modifying a Java Virtual Machine, which safeguards applications without requiring retrofitting. We report extensive experimental results that show that our approach performs remarkably well in practice.<\/jats:p>","DOI":"10.1145\/1698750.1698754","type":"journal-article","created":{"date-parts":[[2010,3,9]],"date-time":"2010-03-09T16:34:59Z","timestamp":1268152499000},"page":"1-39","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":107,"title":["CANDID"],"prefix":"10.1145","volume":"13","author":[{"given":"Prithvi","family":"Bisht","sequence":"first","affiliation":[{"name":"University of Illinois, Chicago"}]},{"given":"P.","family":"Madhusudan","sequence":"additional","affiliation":[{"name":"University of Illinois, Urbana-Champaign"}]},{"given":"V. 
N.","family":"Venkatakrishnan","sequence":"additional","affiliation":[{"name":"University of Illinois, Chicago"}]}],"member":"320","published-online":{"date-parts":[[2010,3,5]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1040305.1040314"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/565816.503275"},{"key":"e_1_2_1_3_1","volume-title":"Advanced SQL injection in SQL server applications","author":"Anley C.","unstructured":"Anley , C. 2002. Advanced SQL injection in SQL server applications . Next Generation Security Software Ltd . Tech. rep. Anley, C. 2002. Advanced SQL injection in SQL server applications. Next Generation Security Software Ltd. Tech. rep."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315250"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315249"},{"key":"e_1_2_1_6_1","volume-title":"USAF Electronic Systems Division","author":"Biba K. J.","unstructured":"Biba , K. J. 1977. Integrity considerations for secure computer systems. Tech. rep. ESD-TR-76-372 , USAF Electronic Systems Division , Bedford, MA . Biba, K. J. 1977. Integrity considerations for secure computer systems. Tech. rep. ESD-TR-76-372, USAF Electronic Systems Division, Bedford, MA."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_2"},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the Conference on Applied Cryptography and Network Security. Springer","author":"Boyd S. W.","unstructured":"Boyd , S. W. and Keromytis , A. D . 2004. SQLrand: Preventing SQL injection attacks . In Proceedings of the Conference on Applied Cryptography and Network Security. Springer , Berlin, 292--302. Boyd, S. W. and Keromytis, A. D. 2004. SQLrand: Preventing SQL injection attacks. In Proceedings of the Conference on Applied Cryptography and Network Security. 
Springer, Berlin, 292--302."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1108473.1108496"},{"key":"e_1_2_1_10_1","unstructured":"Chauhan M. 2008. Chauhan M. 2008. An efficient implementation of candidate evaluation in a Java environment. https:\/\/alcazar.sisl.rites.uic.edu\/wiki\/pub\/Main\/CANDIDJavaImplementation\/Project_Report_Megha.pdf.  Chauhan M. 2008. Chauhan M. 2008. An efficient implementation of candidate evaluation in a Java environment. https:\/\/alcazar.sisl.rites.uic.edu\/wiki\/pub\/Main\/CANDIDJavaImplementation\/Project_Report_Megha.pdf."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062488"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273463.1273484"},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the IEEE International Symposium on Secure Software Engineering. IEEE","author":"Halfond W. G.","unstructured":"Halfond , W. G. , Viegas , J. , and Orso , A . 2006. A classification of SQL-injection attacks and countermeasures . In Proceedings of the IEEE International Symposium on Secure Software Engineering. IEEE , Los Alamitos, CA. Halfond, W. G., Viegas, J., and Orso, A. 2006. A classification of SQL-injection attacks and countermeasures. In Proceedings of the IEEE International Symposium on Secure Software Engineering. IEEE, Los Alamitos, CA."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1181775.1181797"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101935"},{"key":"e_1_2_1_16_1","volume-title":"Black Hat Briefings Conference.","author":"Hansen R.","unstructured":"Hansen , R. and Patterson , M . 2005. Stopping injection attacks with computational theory . Black Hat Briefings Conference. Hansen, R. and Patterson, M. 2005. Stopping injection attacks with computational theory. 
Black Hat Briefings Conference."},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the 14th Conference on USENIX Security Symposium (SSYM'05)","author":"Livshits V. B.","unstructured":"Livshits , V. B. and Lam , M. S . 2005. Finding security vulnerabilities in Java applications with static analysis . In Proceedings of the 14th Conference on USENIX Security Symposium (SSYM'05) . USENIX, Berkeley, CA, 18--18. Livshits, V. B. and Lam, M. S. 2005. Finding security vulnerabilities in Java applications with static analysis. In Proceedings of the 14th Conference on USENIX Security Symposium (SSYM'05). USENIX, Berkeley, CA, 18--18."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062487"},{"key":"e_1_2_1_19_1","unstructured":"MITRE. Common vulnerabilities and exposures list. http:\/\/cve.mitre.org\/.  MITRE. Common vulnerabilities and exposures list. http:\/\/cve.mitre.org\/."},{"key":"e_1_2_1_20_1","unstructured":"Maor O. and Shulman A. 2002. SQL Injection Signatures Evasion. Tech. rep. Imperva.  Maor O. and Shulman A. 2002. SQL Injection Signatures Evasion. Tech. rep. Imperva."},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the 20th IFIP Information Security Conference (SEC'05)","author":"Nguyen-Tuong A.","unstructured":"Nguyen-Tuong , A. , Guarnieri , S. , Greene , D. , Shirley , J. , and Evans , D . 2005. Automatically hardening Web applications using precise tainting . In Proceedings of the 20th IFIP Information Security Conference (SEC'05) . Springer, Berlin, 295--308. Nguyen-Tuong, A., Guarnieri, S., Greene, D., Shirley, J., and Evans, D. 2005. Automatically hardening Web applications using precise tainting. In Proceedings of the 20th IFIP Information Security Conference (SEC'05). Springer, Berlin, 295--308."},{"key":"e_1_2_1_22_1","volume-title":"SPOON: Program analysis and transformation in Java. Tech. rep. 5901, INRIA.","author":"Pawlak R.","year":"2006","unstructured":"Pawlak , R. , Noguera , C. , and Petitprez , N . 
2006 . SPOON: Program analysis and transformation in Java. Tech. rep. 5901, INRIA. Pawlak, R., Noguera, C., and Petitprez, N. 2006. SPOON: Program analysis and transformation in Java. Tech. rep. 5901, INRIA."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_7"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111070"},{"key":"e_1_2_1_26_1","unstructured":"Sutton. 2006. Dark reading security analysis. http:\/\/www.darkreading.com\/document.asp?doc id=103774&WT.svl=news13.  Sutton. 2006. Dark reading security analysis. http:\/\/www.darkreading.com\/document.asp?doc id=103774&WT.svl=news13."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/11506881_8"},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the Conference of the Centre for Advanced Studies on Collaborative Research (CASCON'99)","author":"Vall\u00e9e-Rai R.","unstructured":"Vall\u00e9e-Rai , R. , Co , P. , Gagnon , E. , Hendren , L. , Lam , P. , and Sundaresan , V . 1999. SOOT\u2014a Java bytecode optimization framework . In Proceedings of the Conference of the Centre for Advanced Studies on Collaborative Research (CASCON'99) . 125--135. Vall\u00e9e-Rai, R., Co, P., Gagnon, E., Hendren, L., Lam, P., and Sundaresan, V. 1999. SOOT\u2014a Java bytecode optimization framework. In Proceedings of the Conference of the Centre for Advanced Studies on Collaborative Research (CASCON'99). 125--135."},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250739"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-31980-1_30"},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the 15th Conference on USENIX Security Symposium. USENIX","author":"Xie Y.","unstructured":"Xie , Y. and Aiken , A . 2006. Static detection of security vulnerabilities in scripting languages . 
In Proceedings of the 15th Conference on USENIX Security Symposium. USENIX , Berkeley, CA. Xie, Y. and Aiken, A. 2006. Static detection of security vulnerabilities in scripting languages. In Proceedings of the 15th Conference on USENIX Security Symposium. USENIX, Berkeley, CA."},{"key":"e_1_2_1_32_1","volume-title":"Proceedings of the 15th Conference on USENIX Security Symposium. USENIX","author":"Xu W.","unstructured":"Xu , W. , Bhatkar , S. , and Sekar , R . 2006. Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks . In Proceedings of the 15th Conference on USENIX Security Symposium. USENIX , Berkeley, CA. Xu, W., Bhatkar, S., and Sekar, R. 2006. Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks. In Proceedings of the 15th Conference on USENIX Security Symposium. USENIX, Berkeley, CA."}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1698750.1698754","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1698750.1698754","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T20:22:58Z","timestamp":1750278178000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1698750.1698754"}},"subtitle":["Dynamic candidate evaluations for automatic prevention of SQL injection 
attacks"],"short-title":[],"issued":{"date-parts":[[2010,2]]},"references-count":32,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2010,2]]}},"alternative-id":["10.1145\/1698750.1698754"],"URL":"https:\/\/doi.org\/10.1145\/1698750.1698754","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010,2]]},"assertion":[{"value":"2008-02-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2010-03-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}
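The candidate-evaluation scheme the abstract describes, as an added worked example that is not code from the paper or the CANDID tool: each user input of length n is shadowed by the benign candidate input 'a' * n, both values flow through the same string operations (including whatever escaping the program already applies), and the query built on the real input is issued only if its syntactic structure matches the structure of the query built on the candidate. Everything here is constructed for the illustration and is an assumption of ours: the tiny SQL lexer standing in for a parser, the keyword set, the `Shadow` wrapper type, the sample application `find_user` / `find_order` and the inputs. The paper's implementation instead retrofits Java programs (or a modified JVM) rather than using a wrapper type, and its parser is a real SQL parser; the merging of numbers and bare identifiers into one token class below is a simplification of ours.

```python
import re

# --- 1. Syntactic skeleton of a SQL string (stand-in for CANDID's SQL parser) ---
# Structure = token sequence with literal contents abstracted away: keywords and
# operators verbatim, string literals -> STR, bare words and numbers -> VAL.
# Comments are dropped, as the database would drop them.
_TOKEN = re.compile(r"""
      (?P<ws>\s+)
    | (?P<comment>--[^\n]*|/\*.*?\*/|\#[^\n]*)
    | (?P<str>'(?:[^']|'')*')
    | (?P<word>[A-Za-z_][A-Za-z0-9_]*)
    | (?P<num>\d+(?:\.\d+)?)
    | (?P<op><=|>=|<>|!=|\|\||[=<>+\-*/%(),;.])
    | (?P<other>.)
""", re.VERBOSE | re.DOTALL)

_KEYWORDS = {
    "select", "from", "where", "and", "or", "not", "union", "all", "insert",
    "into", "values", "update", "set", "delete", "drop", "table", "like",
    "null", "is", "order", "by", "asc", "desc", "limit",
}

def sql_structure(sql):
    skeleton = []
    for m in _TOKEN.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind in ("ws", "comment"):
            continue
        if kind == "word":
            low = text.lower()
            skeleton.append(("KW", low) if low in _KEYWORDS else ("VAL",))
        elif kind == "num":
            skeleton.append(("VAL",))          # simplification: numbers and identifiers share a class
        elif kind == "str":
            skeleton.append(("STR",))
        else:
            skeleton.append(("OP", text))      # operators, punctuation, a stray unmatched quote
    return tuple(skeleton)

# --- 2. Shadow strings: the real run and the candidate run side by side ----------
class Shadow:
    """`real` is what the program computed on the actual input; `cand` is what the
    same computation produced on the benign candidate. Program constants are the
    same in both worlds; a user input of length n gets the candidate 'a' * n (as in
    the paper), so control flow that depends on input length stays on one path."""
    __slots__ = ("real", "cand")

    def __init__(self, real, cand=None):
        self.real = real
        self.cand = real if cand is None else cand

    @classmethod
    def user_input(cls, s):
        return cls(s, "a" * len(s))

    @staticmethod
    def _lift(x):
        return x if isinstance(x, Shadow) else Shadow(x)

    def __add__(self, other):
        o = Shadow._lift(other)
        return Shadow(self.real + o.real, self.cand + o.cand)

    def __radd__(self, other):
        return Shadow._lift(other) + self

    def replace(self, old, new):
        # A sanitizer the program already applies runs in both worlds, so the check
        # never needs to know which escaping routine (if any) is in use.
        return Shadow(self.real.replace(old, new), self.cand.replace(old, new))

# --- 3. The CANDID test ------------------------------------------------------------
def is_injection(query):
    """The actual query is an attack iff its structure differs from the structure
    of the query the same run built on the candidate input."""
    return sql_structure(query.real) != sql_structure(query.cand)

# --- 4. A constructed sample application, as CANDID would instrument it ----------
def find_user(name, sort, escape_quotes):
    if escape_quotes:
        name = name.replace("'", "''")
    q = "SELECT id, name FROM users WHERE name = '" + name + "'"
    if sort.real.lower() == "desc":     # branch decided by the real run; candidate follows it
        q = q + " ORDER BY name DESC"
    else:
        q = q + " ORDER BY name ASC"
    return q

def find_order(order_id):
    return "SELECT total FROM orders WHERE id = " + order_id   # unquoted numeric context

def run_scenarios():
    """Constructed inputs; returns scenario name -> whether CANDID would block it."""
    u, desc = Shadow.user_input, Shadow.user_input("desc")
    return {
        "benign apostrophe, escaped":  is_injection(find_user(u("O'Brien"), desc, True)),
        "benign apostrophe, unescaped": is_injection(find_user(u("O'Brien"), desc, False)),
        "tautology, unescaped":        is_injection(find_user(u("' OR 1=1 --"), desc, False)),
        "tautology, escaped":          is_injection(find_user(u("' OR 1=1 --"), desc, True)),
        "benign with DESC branch":     is_injection(find_user(u("admin"), desc, False)),
        "numeric UNION":               is_injection(find_order(u("7 UNION SELECT password FROM users"))),
        "numeric benign":              is_injection(find_order(u("7"))),
    }

if __name__ == "__main__":
    for name, blocked in run_scenarios().items():
        print(f"{'BLOCK' if blocked else 'allow'}  {name}")
```

Two behaviours worth noticing. The escaped tautology passes because the doubled quote turns the whole input into one string literal in both worlds, which is exactly the point the abstract makes: the detector compares structure and does not need a list of sanitizers or attack signatures. The unescaped benign apostrophe is blocked, and that is not a false positive in CANDID's terms: `name = 'O'Brien'` really does have a different structure (a literal, a bare word, a dangling quote) from the candidate's single literal, and the database would have rejected it anyway; the fix belongs in the application, as the escaped variant shows.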