A study on an efficient OSS inspection scheme based on encrypted GML

Abstract

The importance of Open Source Software (OSS) has increased in recent years. OSS is software that is jointly developed and maintained globally through open collaboration and knowledge sharing. OSS plays an important role, especially in the Information Technology (IT) field, by increasing the efficiency of software development and reducing costs. However, licensing issues, security issues, etc., may arise when using OSS. Some services analyze source code and provide OSS-related data to solve these problems, a representative example being Blackduck. Blackduck inspects the entiresource code within the project and provides OSS information and related data included in the whole project. Therefore, there are problems such as inefficiency due to full inspection of the source code and difficulty in determining the exact location where OSS is identified. This paper proposes a scheme to intuitively analyze source code through Graph Modelling Language (GML) conversion to solve these problems. Additionally, encryption is applied to GML to performsecure GML-based OSS inspection. The study explains the process of converting source code to GML and performing OSS inspection. Afterward, we compare the capacity and accuracy of text-based OSS inspection and GML-based OSS inspection. Signcryption is applied to performsafe, GML-based, efficient OSS inspection.