• 정보보호학회논문지
• /
• 제31권4호
• /
• pp.817-839
• /
• 2021

소프트웨어를 안전하게 관리하기 위해 군은 RMF A&A(Risk Management Framework Assessment & Authorization) 표준에 따라 제품을 구매하고 관리한다. 해당 표준은 무기체계를 비롯한 군 IT 제품의 획득 체계에 관한 표준으로 제품에 대한 요구사항, 평가를 통한 구매, 유지보수를 다룬다. 해당 표준에 따르면 제품 개발활동에는 군에서 제시한 임무의 위험도가 반영되어야 한다. 즉, 개발사는 보안 내재화 및 공급망 보안을 통해 제시된 위험도를 완화하였고, RMF A&A의 보안 요구사항을 제대로 준수하였음을 입증하는 자료를 제출해야하고, 군에서는 개발사로부터 제출된 증거자료에 대한 평가를 통해 최종 획득 여부를 결정한다. 기존에 RMF A&A 실증 연구가 수행된 사례가 있다. 하지만, 해당 연구는 RMF A&A의 전체 단계가 아닌 일부분에 대해서만 다루고 있고, 해당 연구의 실증 사례가 대외비인 관계로 상세한 정보가 공개되지 않아 실제 산업 환경에 적용하는데 어려움이 있다. 이에 본 논문에서는 군의 위험도 측정 및 RMF A&A 관련 표준들을 분석하고, 이를 바탕으로 군 RMF A&A의 요구사항을 만족시킬 수 있는 증거자료 작성방안에 대해 제시한다. 또한, 제시한 방안을 실제 드론 시스템에 적용하여 작성된 평가 제출물이 RMF A&A의 요구사항에 부합한지 검증을 수행한다.

• East Asian Economic Review
• /
• 제24권4호
• /
• pp.349-388
• /
• 2020

The US-China trade war forced a reluctant semiconductor industry into someone else's fight, a very different position from its leading role in the 1980s trade conflict with Japan. This paper describes how the political economy of the global semiconductor industry has evolved since the 1980s. That includes both a shift in the business model behind how semiconductors go from conception to a finished product as well as the geographic reorientation toward Asia of demand and manufactured supply. It uses that lens to explain how, during the modern conflict with China, US policymakers turned to a legally complex set of export restrictions targeting the semiconductor supply chain in the attempt to safeguard critical infrastructure in the telecommunications sector. The potentially far-reaching tactics included weaponization of exports by relatively small but highly specialized American software service and equipment providers in order to constrain Huawei, a Fortune Global 500 company. It describes potential costs of such policies, some of their unintended consequences, and whether policymakers might push them further in the attempt to constrain other Chinese firms.

• 한국항공운항학회지
• /
• 제28권3호
• /
• pp.18-26
• /
• 2020

Cost reduction and equality by exempting re-scanning of passengers, baggage and cargo secured from the first airport of departure, mainly in the European Union/European Economic Area(EU/EEA), Switzerland, etc. One-Stop Security(OSS) is being promoted to maintain the level of security while increasing speed and convenience, and movement is expected to expand worldwide. Therefore, this paper establishes the basic concept of OSS through a literature review of ICAO Standards and Recommended Practices(SARPs), and analyzes the actual conditions of OSS implementation in major countries such as the United States and the EU. It is intended to present the political, economic benefits for Korea and highlight the urgency of implementing the OSS system in the aviation industry including the cargo sector. Therefore, the practical implications of strengthening international cooperation through the expansion of government and airport operators OSS implementation to overcome the resource shortage problem of the existing national air cargo security system and to strengthen the status as a global aviation powerhouse were drawn up. There is academic significance that it raised the need for effective implementation of OSS, which was not previously covered.

• 한국정보통신학회:학술대회논문집
• /
• 한국해양정보통신학회 2009년도 춘계학술대회
• /
• pp.789-792
• /
• 2009

As RFID technology is becoming ubiquitous, the secunty of these systems gets much attention. Its fields of usage include personal identification, supply-chain management systems, and many more. Many kinds of RFID tags are available on the market which differ both in storage, and computational capacity. Since by standard IT means all the tags have small capacities, the security mechanisms which are in use in computer networks are not suitable. For expensive tags with relatively large computational capacities many secure communication protocols were developed, for cheap low-end tags, only a few lightweight protocols exist. In this paper we introduce our solution, which is based on the least computation demanding operator, the exclusive or function. By introducing two tags instead of one in the RFID system, our scheme provides security solutions which are comparable with those provided by the lightweight protocols. In the meantime, our scheme does not demand any computational steps to be made by the ta.

• 정보보호학회지
• /
• 제25권1호
• /
• pp.39-46
• /
• 2015

현대의 자동차는 안전중요(Safety Critical) 시스템이기 때문에 차량의 안전성을 보장하는 것은 물론 초 연결사회를 지향하는 사물인터넷 기술의 발전과 자동차의 스마트화 됨에 따른 자동차 보안문제가 대두됨에 따라 자동차 소프트웨어와 공급망에서의 보증 방안이 필요하다. 본 논문에서는 자동차 소프트웨어의 보안성을 확보하고, 공급망에서의 보안성을 보증하기 위한 자동차 소프트웨어&공급망 보증(A-SSCA, Automotive-Software& Supply Chain Assurance)을 위한 보안쟁점 및 고려사항을 제시하고자 한다.

• 한국산업융합학회 논문집
• /
• 제27권1호
• /
• pp.143-149
• /
• 2024

The production and procurement of shipbuilding and offshore equipment is an important competitive factor in the shipbuilding and offshore industry. Recently, ICT-based digital technology has been rapidly applied to the manufacturing industry following the Fourth Industrial Revolution. Under the digital transformation, real-time data interface technology based on SCM (Supply Chain Management) is emerging as an important tool to improve the efficiency of the equipment manufacturing process. In this study, the characteristics and advantages and disadvantages of interface technologies of web-based data interface technologies were compared and analyzed. The performance was compared between theoretical evaluation based on technical features and practical application cases. As a result, it was confirmed that GraphQL is useful for selective data processing, but there is a problem with optimization, and REST API has a problem with receiving data due to a fixed data structure. Therefore, this study aims to suggest ways to utilize and optimize these data interface technologies.

• 무역상무연구
• /
• 제47권
• /
• pp.263-298
• /
• 2010

The global trading system is vulnerable to terrorist exploitation while the international trade is an essential element for the economic development. Customs has a unique role in the international trade to provide increased security while ensuring facilitation of the legitimate flow of goods and the role of Customs has become more and more indispensable these days. In response to this trend, the World Customs Organization(WCO), the organization of more than 170 Customs administrations all over the world, adopted an international framework("SAFE Framework") in 2005, which includes the Authorized Economic Operator(AEO) concept, whereby a party involved in the international movement of goods would be approved by Customs as complying with the supply chain security standards, and given benefits, such as simplified Customs procedure and less Customs intervention. In this stream, the Japanese government has developed and promoted AEO Program in close cooperation with the business sector, aiming at ensuring security while facilitating legitimate trade. For that purpose, Japan Customs, as a main entity in the field of international trade, has developed comprehensive AEO program with combination of programs for importers, exporters, warehouse operators, Customs brokers and logistics operators, such as forwarders and carriers, which are consistent with the "SAFE Framework" developed by the WCO. The purpose of this paper aims to analyse the introduction plans of AEO program for the trade security and trade facilitation with Japanese AEO system.

• 한국통신학회논문지
• /
• 제30권6C호
• /
• pp.593-600
• /
• 2005

최근 들어 RFID 시스템을 물류${\cdot}$유통 시스템을 비롯한 여러 산업분야에 널리 활용하기 위해 태그에 저장된 정보를 보호하고 임의의 태그에 대한 추적 방지가 가능한 인증 프로토콜에 대한 연구가 활발히 진행 중이다. 본 논문에서는 보안 레벨(security level)의 개념을 이용하여 태그를 인증하기위해 back-end DB에 요구되는 계산량을 감소시킬 수 있는 RFID 인증 프로토콜을 제안한다. 제안하는 방식은 해쉬 함수에 기반하며 재전송 공격, 스푸핑 공격, 트래픽 분석, 위치 프라이버시 등에 대해 안전하다는 장점이 있다.

• 산경연구논집
• /
• 제11권2호
• /
• pp.25-31
• /
• 2020

Purpose: The AEO (Authorized Economic Operator) program, created in 2001 in the United States due to 9.11 terrorist's attack, fundamentally changed the trade environment. Korea, which introduced AEO program in 2009, has become one of the world's top countries in the program by ranking 6th in the number of AEO certified companies and the world's No. 1 in MRA (Mutual Recognition Agreement) conclusions. In this paper, we examined what trade-economic and non-economic effects the AEO program and its MRA have in Korea. Research design, data and methodology: In this study we developed a model to verify the impact between utilization of AEO and trade-economic effects of the AEO and its MRA. After analyzing the validity and reliability of the model through Structural Equation Model we conducted a survey to request AEO companies to respond their experience on the effects of AEO program and MRA. As a result, 196 responses were received from 176 AEO companies and utilized in the analysis. Results: With regard to economic effects, the AEO program and the MRA have not been directly linked to financial performance, such as increased sales, increased export and import volumes, reduced management costs, and increased operating profit margins. However, it was analyzed that the positive effects of supply chain management were evident, such as strengthening self-security, monitoring and evaluating risks regularly, strengthening cooperation with trading companies, enhancing cargo tracking capabilities, and reducing the time required for export and import. Conclusions: When it comes to the trade-economic effects of AEO program and its MRA, AEO companies did not satisfy with direct effects, such as increased sales and volume of imports and exports, reduced logistics costs. However, non-economic effects, such as reduced time in customs clearance, freight tracking capability, enhanced security in supply chain are still appears to be big for them. In a rapidly changing trade environment the AEO and MRA are still useful. Therefore the government needs to encourage non-AEO companies to join the AEO program, expand MRA conclusion with AEO adopted countries especially developing ones and help AEO companies make good use of AEO and MRA.

• Ocean Systems Engineering
• /
• 제4권2호
• /
• pp.137-150
• /
• 2014

In the marine industry although there has been significant growth towards safety, security and risk assessments or risk-based strategies such as marine insurance and regulations to avoid the risks of damage to properties and the environment or the prospect of premature death caused by accidents etc, the moves toward managing the risks which are linked directly to the business functions and decision making processes have been very slow. Furthermore in the marine industry most perceptions, methodologies and frameworks of dealing with hazards, risks, safety and security issues are for their assessment rather than their management. This trend reveals the fact that in different marine industry sectors such as logistics and shipping there is a lack of coherent risk management framework or methodology from which to understand the risk-based decisions especially for the purpose of design, construction, operation, management and even decommissioning of the marine related applications. On the other hand risk management is not yet viewed holistically in the marine industry in order to, for example, assign a right person, i.e. risk manager, who can act as a coordinator and advisor with responsibilities that are only specific to risk management. As a result this paper, by examining the present physical borders and risk-based activities in the marine industry, aims to propose an appropriate risk management methodology in addition to the emergent role of risk managers which will enable the industry users initially to become familiar with the concept of risk management at its holistic level. In the later stages this eventually can lead to development of risk management capabilities at an exclusive level and its integration into the marine industry functions in future.