Secure Deployment of Components

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3083)

Abstract

The secure deployment of components is widely recognized as a crucial problem in component-based software engineering. While major effort is concentrated on preventing malicious components from penetrating secure systems, other security violations may also cause significant problems. We uncover a technique that creates a major breach of security by allowing rogue components to interfere with component-based applications by impersonating various generic components. This interference leads to stealing business value of competitive products and causes problems without violating legal agreements. We also present our solution to this problem, called Secure COmponent Deployment Protocol (S-CODEP), and prove its soundness using the authentication logic of Burrows, Abadi, and Needham (BAN authentication logic).

References

  1. Meyer, B.: The Grand Challenge of Trusted Components. In: The 25th International Conference on Software Engineering, Portland, OR (2003)

  2. Szyperski, C.: Component Software: Beyond Object-Oriented Programming. ACM Press, Addison-Wesley (1998)

  3. Viega, J., McGraw, G.: Building Secure Software. Addison-Wesley, Reading (2002)

  4. Brown, K.: Building a Lightweight COM Interception Framework, Part I: The Universal Delegator. Microsoft Systems Journal 14, 17–29 (1999)

  5. Brown, K.: Building a Lightweight COM Interception Framework, Part II: The Universal Delegator. Microsoft Systems Journal 14, 49–59 (1999)

  6. Schmidt, D., Stal, M., Rohnert, H., Buschman, F.: Pattern-Oriented Software Architecture, vol. 2, pp. 109–140. John Wiley & Sons, Chichester (2001)

  7. Tung, B.: Kerberos: A Network Authentication System. Addison-Wesley, Reading (1999)

  8. Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. ACM SIGOPS Operating Systems Review 23(5) (1989)

  9. Romer, T., Voelker, G., Lee, D., Wolman, A., Wong, W., Levy, H., Bershad, B.: Instrumentation and Optimization of Win32/Intel Executables Using Etch. In: USENIX Windows NT Workshop, Seattle, WA (1997)

  10. Hunt, G.: Detours: Binary Interception of Win32 Functions. In: Proc. 3rd USENIX Windows NT Symposium, Seattle, WA (1999)

  11. Larus, J., Schnarr, E.: EEL: Machine-Independent Executable Editing. In: SIGPLAN Conference on Programming Language Design and Implementation, PLDI (1995)

  12. Meyer, B., Mingins, C., Schmidt, H.: Providing Trusted Components to the Industry. IEEE Computer, 104–115 (1998)

  13. The Trusted Components Initiative, http://www.trusted-components.org/

  14. Bagarathan, N., Byrne, S.: Resource Access Control for an Internet User Agent. In: The 3rd USENIX Conference on Object-Oriented Technologies and Systems (1997)

  15. Lindqvist, U., Olovsson, T., Jonsson, E.: An Analysis of a Secure System Based on Trusted Components. In: Proceedings of 11th Ann. Conf. Computer Assurance, pp. 213–223 (1996)

  16. Sessions, R.: Software fortresses: modeling enterprise architectures. Addison-Wesley, Reading (2003)

  17. Brown, N., Kindel, C.: Distributed Component Object Model Protocol - DCOM/1.0. Internet Draft (January 1996), http://www.microsoft.com/oledev/olecom/draft-brown-dcom-v1-spec-02.txt

  18. Object Management Groups security standards, http://www.omg.org/technology/documents/formal/omg_security.htm

  19. MSDN Library, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnesscom/html/classemulation.asp

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Grechanik, M., Perry, D.E. (2004). Secure Deployment of Components. In: Emmerich, W., Wolf, A.L. (eds) Component Deployment. CD 2004. Lecture Notes in Computer Science, vol 3083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24848-4_12

  • DOI: https://doi.org/10.1007/978-3-540-24848-4_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22059-6

  • Online ISBN: 978-3-540-24848-4

  • eBook Packages: Springer Book Archive
