[R] Protecting R code

Barry Rowlingson b.rowlingson at lancaster.ac.uk
Mon Jul 4 16:41:50 CEST 2011

On Mon, Jul 4, 2011 at 8:47 AM, Vaishali Sadaphal
<vaishali.sadaphal at tcs.com> wrote:
> Hi All,
> I need to give my R code to my client to use. I would like to protect the
> logic/algorithms that have been coded in R. This means that I would not
> like anyone to be able to read the code.

  At some point the R code has to be run. Which means it has to be
read by an interpreter that can handle R code. Which means, unless you
rewrite the interpreter, the R code must exist as such.

 Even if you could compile R into C code into machine code and
distribute a .exe file, its still possible in theory to
reverse-engineer it and get something like the original back - the
original logic if not the original names of the variables and

 You could rewrite the interpreter to only run encrypted, signed code
that requires a decryption key, but you still have to give the user
the decryption key at some point in order to get the plaintext code.
Again, its an obfuscation problem of hiding the key somewhere, and
hence is going to fail.

 It all depends on how much expense you want to go to in order to make
the expense of circumventing your solution more than its worth. Tell
me how much that is, and I will tell you the solution.

 For total security[1], you need to run the code on servers YOU
control, and only give access via a network API. You can do this with
RServe or any of the HTTP-based systems like Rapache.


[1] Except of course servers can be hacked or socially-engineered
into. For total security, disconnect your machine from the network and
from any power supply.

More information about the R-help mailing list