Software systems, component-based systems (CBS) in particular, have a lot of vulnerabilities that may be exploited by intruders. Companies spend much time and money to "patch" them up. It is partly due to the fact that a systemýýs security features are often added to the system after its functional requirements have been addressed. As such, system security features are not systematically designed into the system, and consequently the system has inherent security "holes". Therefore, there is a strong need for a systematic engineering approach to developing secure and robust systems, especially distributed systems, by considering functional and security requirements at the same time. In particular, these systems should be highly adaptive and reconfigurable in order to resist different types of attacks and failures. This paper introduces a reference architecture, called Secrobat, for creating secure and robust CBS. It has several key features including defensive components and the adaptive and reconfigurable architecture with the hybrid peer/super-peer structure. The reference architecture is illustrated with an example gaming system.