Dataflow Tunneling: Mining Inter-request Data Dependencies for Request-based Applications
Xiao Yu and Guoliang Jin
Web-based applications are now ubiquitous on the server side, serving web pages and RESTful APIs. A typical characteristic of such applications is the use of modular, stateless request handlers to process user requests. Notably, making individual handlers stateless does not remove the underlying data dependencies across multiple requests. Data can still propagate across requests through implicit calling relationships between seemingly stateless handlers, and these handlers may still have to retain or recompute internal state, for example by querying a backend database repeatedly.
This accepted paper represents our newest effort in advancing analysis techniques for web-based applications. We argue that inter-request analysis, which analyzes request handlers together with the data propagation across user requests, is potentially beneficial for performance optimization and information-flow integrity. We propose an approach to capture and abstract such data propagation as it passes through multiple application and library components and through client-side applications such as web browsers and mobile apps. We believe that our work is the first step towards practical and full-fledged inter-request analysis tools.
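
As an added illustration (not code from the paper, and not the authors' approach), the sketch below shows a value tunneling from one stateless handler to another through the client, with a per-session tracer that records the dependency, counts repeated backend queries, and notes parameters the server never emitted to that session. The handlers, the `Tracer` class, the session id and the data are all hypothetical.

```python
# Added illustration (not the paper's tool): link values a handler emits in a
# response to parameters that come back in later requests of the same session.
from collections import defaultdict

DB = {"o-17": {"owner": "alice", "total": 40},
      "o-23": {"owner": "bob", "total": 9}}          # constructed sample data
db_reads = defaultdict(int)                          # key -> backend queries so far

def query(key):
    db_reads[key] += 1
    return DB.get(key)

# Two "stateless" handlers: neither keeps state, yet view_order consumes
# a value that list_orders produced in an earlier response.
def list_orders(params):
    return {"order_ids": [k for k in DB if query(k)["owner"] == params["user"]]}

def view_order(params):
    return {"order": query(params["order_id"])}

class Tracer:
    """Hypothetical recorder: matches request parameters to earlier response values."""
    def __init__(self):
        self.emitted = defaultdict(dict)   # session -> value -> "handler.field"
        self.edges = set()                 # (source field, destination parameter)
        self.unexplained = []              # parameters with no server-side origin

    def call(self, session, handler, params, client_supplied=()):
        for name, value in params.items():
            source = self.emitted[session].get(value)
            if source:
                self.edges.add((source, f"{handler.__name__}.{name}"))
            elif name not in client_supplied:
                self.unexplained.append((handler.__name__, name, value))
        response = handler(params)
        for field, value in response.items():
            for v in value if isinstance(value, list) else [value]:
                if isinstance(v, str):     # only track scalar string values
                    self.emitted[session][v] = f"{handler.__name__}.{field}"
        return response

def demo():
    db_reads.clear()
    t = Tracer()
    ids = t.call("s1", list_orders, {"user": "alice"}, client_supplied={"user"})["order_ids"]
    t.call("s1", view_order, {"order_id": ids[0]})   # value tunneled through the client
    t.call("s1", view_order, {"order_id": "o-23"})   # never emitted to this session
    return t, dict(db_reads)
```

The recorded edge is the inter-request dependency; the repeated read of the same key is the recomputed state, and the unexplained parameter is the kind of input an integrity check would examine.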