Abstract. The secure deployment of components is widely recognized as a crucial problem in component-based software engineering. While major effort is concentrated on preventing malicious components from penetrating secure systems, other security violations may also cause significant problems. We uncover a technique that creates a major breach of security by allowing rogue components to interfere with component-based applications by impersonating various generic components. This interference leads to the theft of business value from competitive products and causes problems without violating legal agreements. We also present our solution to this problem, called the Secure COmponent Deployment Protocol (S-CODEP), and prove its soundness using the authentication logic of Burrows, Abadi, and Needham (BAN authentication logic).
Mark Grechanik, Dewayne E. Perry