[R] Protecting R code

Mike Marchywka marchywka at hotmail.com
Mon Jul 4 19:11:17 CEST 2011 

Put it on rapache or otherwise server but this seems like a waste depending on what you are doing 

Server side is only good way but making c++ may be interesting test
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Vaishali Sadaphal <vaishali.sadaphal at tcs.com>
Date: Mon, 4 Jul 2011 16:48:13 
To: <spencer.graves at prodsyse.com>
Cc: <r-help at r-project.org>; <b.rowlingson at lancaster.ac.uk>
Subject: Re: [R] Protecting R code

Hey All,

Thank you so much for quick replies.
Looks like translation to C/C++ is the only robust option. Do you think 
there exists any ready-made R to C translator?

Thanks
--
Vaishali

Vaishali Paithankar Sadaphal
Tata Consultancy Services
Mailto: vaishali.sadaphal at tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty.   IT Services
                        Business Solutions
                        Outsourcing
____________________________________________



From:
Spencer Graves <spencer.graves at prodsyse.com>
To:
Barry Rowlingson <b.rowlingson at lancaster.ac.uk>
Cc:
Vaishali Sadaphal <vaishali.sadaphal at tcs.com>, r-help at r-project.org
Date:
07/04/2011 08:42 PM
Subject:
Re: [R] Protecting R code



Hello:


On 7/4/2011 7:41 AM, Barry Rowlingson wrote:
> On Mon, Jul 4, 2011 at 8:47 AM, Vaishali Sadaphal
> <vaishali.sadaphal at tcs.com>  wrote:
>> Hi All,
>>
>> I need to give my R code to my client to use. I would like to protect 
the
>> logic/algorithms that have been coded in R. This means that I would not
>> like anyone to be able to read the code.
>    At some point the R code has to be run. Which means it has to be
> read by an interpreter that can handle R code. Which means, unless you
> rewrite the interpreter, the R code must exist as such.
>
>   Even if you could compile R into C code into machine code and
> distribute a .exe file, its still possible in theory to
> reverse-engineer it and get something like the original back - the
> original logic if not the original names of the variables and
> functions.
>
>   You could rewrite the interpreter to only run encrypted, signed code
> that requires a decryption key, but you still have to give the user
> the decryption key at some point in order to get the plaintext code.
> Again, its an obfuscation problem of hiding the key somewhere, and
> hence is going to fail.
>
>   It all depends on how much expense you want to go to in order to make
> the expense of circumventing your solution more than its worth. Tell
> me how much that is, and I will tell you the solution.
>
>   For total security[1], you need to run the code on servers YOU
> control, and only give access via a network API. You can do this with
> RServe or any of the HTTP-based systems like Rapache.

       An organization I know that encrypted R code started with making 
it available only on their servers.  This was maybe four years ago.  I'm 
not sure what they do now, but I think they have since lost their major 
proponents of R internally and have probably translated all the code 
they wanted to sell into a compiled language in a way that didn't 
require R at all.


       Spencer

>
> Barry
>
> [1] Except of course servers can be hacked or socially-engineered
> into. For total security, disconnect your machine from the network and
> from any power supply.
>
> ______________________________________________
> R-help at r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-help
> PLEASE do read the posting guide 
http://www.R-project.org/posting-guide.html
> and provide commented, minimal, self-contained, reproducible code.
>



=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you



        [[alternative HTML version deleted]]

______________________________________________
R-help at r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-help
PLEASE do read the posting guide http://www.R-project.org/posting-guide.html
and provide commented, minimal, self-contained, reproducible code.

More information about the R-help mailing list