Secure deployment of components

Abstract. The secure deployment of components is widely recognized as a cru-cial problem in component-based software engineering. While major effort is concentrated on preventing malicious components from penetrating secure sys-tems, other security violations may also cause significant problems. We un-cover a technique that creates a major breach of security by allowing rogue components to interfere with component-based applications by impersonating various generic components. This interference leads to stealing business value of competitive products and causes problems without violating legal agree-ments. We also present our solution to this problem, called Secure COmponent Deployment Protocol (S-CODEP), and prove its soundness using the authenti-cation logic of Burrows, Abadi, and Needham (BAN authentication logic).