Abstract
The secure deployment of components is widely recognized as a crucial problem in component-based software engineering. While major effort is concentrated on preventing malicious components from penetrating secure systems, other security violations may also cause significant problems. We uncover a technique that creates a major breach of security by allowing rogue components to interfere with component-based applications by impersonating various generic components. This interference leads to stealing business value of competitive products and causes problems without violating legal agreements. We also present our solution to this problem, called Secure COmponent Deployment Protocol (S-CODEP), and prove its soundness using the authentication logic of Burrows, Abadi, and Needham (BAN authentication logic).
References
Meyer, B.: The Grand Challenge of Trusted Components. In: The 25th International Conference on Software Engineering, Portland, OR (2003)
Szyperski, C.: Component Software: Beyond Object-Oriented Programming. ACM Press, Addison-Wesley (1998)
Viega, J., McGraw, G.: Building Secure Software. Addison-Wesley, Reading (2002)
Brown, K.: Building a Lightweight COM Interception Framework, Part I: The Universal Delegator. Microsoft Systems Journal 14, 17–29 (1999)
Brown, K.: Building a Lightweight COM Interception Framework, Part II: The Universal Delegator. Microsoft Systems Journal 14, 49–59 (1999)
Schmidt, D., Stal, M., Rohnert, H., Buschman, F.: Pattern-Oriented Software Architecture, vol. 2, pp. 109–140. John Wiley & Sons, Chichester (2001)
Tung, B.: Kerberos: A Network Authentication System. Addison-Wesley, Reading (1999)
Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. ACM SIGOPS Operating Systems Review 23(5) (1989)
Romer, T., Voelker, G., Lee, D., Wolman, A., Wong, W., Levy, H., Bershad, B.: Instrumentation and Optimization of Win32/Intel Executables Using Etch. In: USENIX Windows NT Workshop, Seattle, WA (1997)
Hunt, G.: Detours: Binary Interception of Win32 Functions. In: Proc. 3rd USENIX Windows NT Symposium, Seattle, WA (1999)
Larus, J., Schnarr, E.: EEL: Machine-Independent Executable Editing. In: SIGPLAN Conference on Programming Language Design and Implementation, PLDI (1995)
Meyer, B., Mingins, C., Schmidt, H.: Providing Trusted Components to the Industry. IEEE Computer, 104–115 (1998)
The Trusted Components Initiative, http://www.trusted-components.org/
Bagarathan, N., Byrne, S.: Resource Access Control for an Internet User Agent. In: The 3rd USENIX Conference on Object-Oriented Technologies and Systems (1997)
Lindqvist, U., Olovsson, T., Jonsson, E.: An Analysis of a Secure System Based on Trusted Components. In: Proceedings of 11th Ann. Conf. Computer Assurance, pp. 213–223 (1996)
Sessions, R.: Software fortresses: modeling enterprise architectures. Addison-Wesley, Reading (2003)
Brown, N., Kindel, C.: Distributed Component Object Model Protocol - DCOM/1.0. Internet Draft (January 1996), http://www.microsoft.com/oledev/olecom/draft-brown-dcom-v1-spec-02.txt
Object Management Groups security standards, http://www.omg.org/technology/documents/formal/omg_security.htm
MSDN Library, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnesscom/html/classemulation.asp
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Grechanik, M., Perry, D.E. (2004). Secure Deployment of Components. In: Emmerich, W., Wolf, A.L. (eds) Component Deployment. CD 2004. Lecture Notes in Computer Science, vol 3083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24848-4_12
DOI: https://doi.org/10.1007/978-3-540-24848-4_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22059-6
Online ISBN: 978-3-540-24848-4
eBook Packages: Springer Book Archive