• The Korean Journal of Air & Space Law and Policy
• /
• v.28 no.2
• /
• pp.37-61
• /
• 2013

In modern international law, the absence of legal definition regarding drone(Unmanned Aerial Vehicle) has made legal scholars work on an typical analogy between aircraft codified in the international document and drone. The wording of the Convention on International Civil Aviation is limited to two categories of aircraft, such as civil aircraft and state aircraft, whereas military aircraft is not legally defined. As such it is, the current practices of the State regarding the drone flight over foreign territory have proven a hypothese that drone is being deemed as military aircraft. Principal usage of drone lies in reconnaissance and surveillance mission as well as so-called targeted killing, which is prohibited if the killing is treacherous. Claimed war against terrorism, however, is providing a legal rationale that targeted killing is not treacherous, and that the targeted person is not civilian but combatant. In such context, armed attack of drone is deemed legal and justified. Consequently, such attack is legal in the general context of the war. The rules that govern targeting do not turn on the type of weapon system used, and there is no prohibition under the laws of war on the use of technologically advanced weapons systems in armed conflict so long as they are employed in conformity with applicable laws of war. Drones may present interesting new challenges because of their sophistication and the technological advantage they convey to their operators.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.5
• /
• pp.909-928
• /
• 2020

From the early 1970s, the US government began to recognize that penetration testing could not assure the security quality of products. Results of penetration testing such as identified vulnerabilities and faults can be varied depending on the capabilities of the team. In other words none of penetration team can assure that "vulnerabilities are not found" is not equal to "product does not have any vulnerabilities". So the U.S. government realized that in order to improve the security quality of products, the development process itself should be managed systematically and strictly. Therefore, the US government began to publish various standards related to the development methodology and evaluation procurement system embedding "security-by-design" concept from the 1980s. Security-by-design means reducing product's complexity by considering security from the initial phase of development lifecycle such as the product requirements analysis and design phase to achieve trustworthiness of product ultimately. Since then, the security-by-design concept has been spread to the private sector since 2002 in the name of Secure SDLC by Microsoft and IBM, and is currently being used in various fields such as automotive and advanced weapon systems. However, the problem is that it is not easy to implement in the actual field because the standard or guidelines related to Secure SDLC contain only abstract and declarative contents. Therefore, in this paper, we present the new framework in order to specify the level of Secure SDLC desired by enterprises. Our proposed CIA (functional Correctness, safety Integrity, security Assurance)-level-based security-by-design framework combines the evidence-based security approach with the existing Secure SDLC. Using our methodology, first we can quantitatively show gap of Secure SDLC process level between competitor and the company. Second, it is very useful when you want to build Secure SDLC in the actual field because you can easily derive detailed activities and documents to build the desired level of Secure SDLC.