[Tutor] Read protection of python files for Abaqus

Michael Langford mlangford.cs03 at gtalumni.org
Mon Jan 14 16:32:43 CET 2008 

I know there are a lot of people who are very much for code openness
in all cases. I'm from a couple worlds that's not even something you'd
think about doing (military software, where people die if the other
side gets your code, and embedded software, where a company in china
copies your design and puts you out of business), so you have to work
within this sometimes. That said, many companies *vastly* overvalue
their code base, especially the great balance of it, when really 4-10
modules are the only valuable parts.

There are obfuscators that generally work for python and then only
shipping .pyc files (as someone suggested above) helps as well.

If the code really is that valuable, I doubt you're going to be able
to hide it well enough a determined, an attacker with a skill level
equal to many of the people on this list, couldn't extract your
algorithms. I'm am not saying .NET is any more secure in that than
python is either. Just introspective languages (Java too), have this
issue where they're quite a bit easier to reverse engineer.

Assuming its only moderately valuable, then the steps above should be enough.

You may think about isolating the highly valuable algorithm in a C
module then highly optimizing it and running a stripper on it. Then
connect it up to your python code with SWIG. That will defeat the
introspection attacks (they'll only be able to see the interface of
the C module), and the high levels of optimization in the C code
(which you should strip) will hide the algorithm further.

Another possibility is refactoring your algorithm into a code
generating utility which you don't let leave your facility. The
generated code will work, but is not reverse engineerable, as its just
something like a massive lookup table, or a series of decomposed
functions.

I've been the guy attacking code before. It all boils down to the
safe/lock issue: Locks and safes aren't there to keep people out
forever, every good lock and safe has an amount of time they expect to
keep people out. You have to have a security guard or something else
at that point to safeguard your valuables. Pick locks that are good
enough, and try to remove the incentives and abilities to break in
other ways.

            --Michael

PS: I would like to point out. These other people will be able to
*call* your highly proprietary code no matter what you do. So if
nothing else, a determined attacker can just call your code again
without understanding it.
-- 
Michael Langford
Phone: 404-386-0495
Consulting: http://www.RowdyLabs.com


On 1/14/08, Ferruh KAYHAN <fkayhan at rcstr.com> wrote:
> Dear Sir;
> Thank you for your reply.  Oftenly, especially in industrial companies,
> codes are becoming very valuable and owner of the company likes to keep
> that value as confidential in order to protect the company
> competitivness.  Somr times, professionals are leaving companies and
> starting new jobs in competitor companies.  Therefore, protecting some
> codes are becoming important.
>
> So in our case, we are not trying to stop anybody learning python
> language but we are trying to protect what we are doing with python.
>
> I hope my reply is sufficient.
>
> Regards
>
> -----Original Message-----
> From: bhaaluu [mailto:bhaaluu at gmail.com]
> Sent: Monday, January 14, 2008 3:25 PM
> To: Ferruh KAYHAN
> Cc: tutor at python.org
> Subject: Re: [Tutor] Read protection of python files for Abaqus
>
> Greetings,
> On Jan 14, 2008 3:17 AM, Ferruh KAYHAN <fkayhan at rcstr.com> wrote:
> > Dear Sirs;
> > Good morning.
> > I do not like abaqus users will read my python file codes.  How can I
> > protect my codes from reading ans still workable by Abaqus import??
> >
> > Best Regards
> > Ferruh Kayhan
>
> <quote source=wikipedia?ABAQUS>
> Abaqus is widely used in the automotive, aerospace, and industrial
> products industries. The package is very popular with academic and
> research institutions ...
> These software products, especially Abaqus/CAE, extensively use the
> open-source scripting language Python for scripting and customization.
> </quote>
>
> Don't academics and researchers thrive on sharing information?
> Also, this forum is geared towards learning Python, and sharing source
> code is encouraged in order to obtain help.
>
> Also, "many eyes" can find and fix bugs in your scripts, as well as,
> others may find the scripts useful: ie. research can advance more
> quickly.
>
> Is there a particular reason why you don't want others to see your
> Abaqus Python scripts?
>
> Just curious.
> --
> b h a a l u u at g m a i l dot c o m
> _______________________________________________
> Tutor maillist  -  Tutor at python.org
> http://mail.python.org/mailman/listinfo/tutor
>

More information about the Tutor mailing list