[R] Protecting R code

Spencer Graves spencer.graves at prodsyse.com
Mon Jul 4 17:12:24 CEST 2011


Hello:


On 7/4/2011 7:41 AM, Barry Rowlingson wrote:
> On Mon, Jul 4, 2011 at 8:47 AM, Vaishali Sadaphal
> <vaishali.sadaphal at tcs.com>  wrote:
>> Hi All,
>>
>> I need to give my R code to my client to use. I would like to protect the
>> logic/algorithms that have been coded in R. This means that I would not
>> like anyone to be able to read the code.
>    At some point the R code has to be run. Which means it has to be
> read by an interpreter that can handle R code. Which means, unless you
> rewrite the interpreter, the R code must exist as such.
>
>   Even if you could compile R into C code into machine code and
> distribute a .exe file, its still possible in theory to
> reverse-engineer it and get something like the original back - the
> original logic if not the original names of the variables and
> functions.
>
>   You could rewrite the interpreter to only run encrypted, signed code
> that requires a decryption key, but you still have to give the user
> the decryption key at some point in order to get the plaintext code.
> Again, its an obfuscation problem of hiding the key somewhere, and
> hence is going to fail.
>
>   It all depends on how much expense you want to go to in order to make
> the expense of circumventing your solution more than its worth. Tell
> me how much that is, and I will tell you the solution.
>
>   For total security[1], you need to run the code on servers YOU
> control, and only give access via a network API. You can do this with
> RServe or any of the HTTP-based systems like Rapache.

       An organization I know that encrypted R code started with making 
it available only on their servers.  This was maybe four years ago.  I'm 
not sure what they do now, but I think they have since lost their major 
proponents of R internally and have probably translated all the code 
they wanted to sell into a compiled language in a way that didn't 
require R at all.


       Spencer

>
> Barry
>
> [1] Except of course servers can be hacked or socially-engineered
> into. For total security, disconnect your machine from the network and
> from any power supply.
>
> ______________________________________________
> R-help at r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-help
> PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
> and provide commented, minimal, self-contained, reproducible code.
>



More information about the R-help mailing list