A study on an efficient OSS inspection scheme based on encrypted GML

Seok-Joon Jang, Im-Yeong Lee, Daehee Seo, Su-Hyun Kim

High-Confidence Computing ›› 2025, Vol. 5 ›› Issue (2) : 100279

DOI: 10.1016/j.hcc.2024.100279
Research article


Abstract

The importance of Open Source Software (OSS) has increased in recent years. OSS is software that is jointly developed and maintained globally through open collaboration and knowledge sharing. OSS plays an important role, especially in the Information Technology (IT) field, by increasing the efficiency of software development and reducing costs. However, licensing issues, security issues, etc., may arise when using OSS. Some services analyze source code and provide OSS-related data to solve these problems, a representative example being Blackduck. Blackduck inspects the entire source code within the project and provides OSS information and related data included in the whole project. Therefore, there are problems such as inefficiency due to full inspection of the source code and difficulty in determining the exact location where OSS is identified. This paper proposes a scheme to intuitively analyze source code through Graph Modelling Language (GML) conversion to solve these problems. Additionally, encryption is applied to GML to perform secure GML-based OSS inspection. The study explains the process of converting source code to GML and performing OSS inspection. Afterward, we compare the capacity and accuracy of text-based OSS inspection and GML-based OSS inspection. Signcryption is applied to perform safe, GML-based, efficient OSS inspection.

Keywords

Graph modeling language / Open source software / Inspection accuracy

Cite this article

Seok-Joon Jang, Im-Yeong Lee, Daehee Seo, Su-Hyun Kim. A study on an efficient OSS inspection scheme based on encrypted GML. High-Confidence Computing, 2025, 5(2): 100279 DOI:10.1016/j.hcc.2024.100279

CRediT authorship contribution statement

Seok-Joon Jang: Writing - review & editing, Writing - original draft, Project administration, Methodology. Im-Yeong Lee: Writing - review & editing, Validation, Supervision. Daehee Seo: Writing - review & editing, Supervision, Methodology. Su-Hyun Kim: Writing - review & editing, Writing - original draft, Supervision.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgments

This research was supported by SW Copyright Ecosystem R&D Program through the Korea Creative Content Agency grant funded by the Ministry of Culture, Sports and Tourism in 2024 (RS-2023-00224818). The project is titled “Development of Large-Scale Software License Verification Technology Using Cloud Services and Construction Types”, with a contribution rate of 100%.
