Research Topics

Discover and analyze end-points, authorization policies, control-flow, method calls, and Abstract Syntax Trees (AST).

Extract metadata for both compiled and interpreted languages.

Analyze containerized applications, e.g. Docker images.

Reconstruct a centralized perspective for a microservice mesh.

Find inconsistencies, map source code to logs, and find solutions from external sources.

Detect code clones from external sources, e.g. StackOverflow, GitHub, etc.

Find RBAC inconsistencies, permission exploitations, and code smells.


The RAD (REST API Discovery) project detects inter-microservice REST communications using static code analysis. It serves as the backbone of several other projects, providing a centralized perspective through a Software Architecture Reconstruction (SAR) approach. It uses the Javassist and JavaParser libraries to support both source code and bytecode as input. It can automatically generate a REST-call graph, which can be visualized using GraphViz.

Repositories: (Bytecode analysis) (Source code analysis)

An automated Role-Based Access Control (RBAC) inconsistency detection tool for a microservice mesh. It can detect RBAC violations in both intra- and inter-microservice REST communications. It uses the RAD project to extract metadata and generate a REST communication graph.


Prophet takes as input a GitHub repository containing the microservices and generates a centralized perspective for the microservice mesh. It operates in three phases: source selection, context map generation, and communication diagram generation. It uses a graph database to represent the complete architecture of an application.

Live Demo:


Open source virtual conference management system for ACM SAC 2020.


Code clone detection by scraping StackOverflow code blocks.


Detects code smells within microservices.