[Tutor] Read protection of python files for Abaqus

Ferruh KAYHAN fkayhan at rcstr.com
Tue Jan 15 09:31:58 CET 2008 

Dear Sir;
Thank you very much for the information.  After I read your e-mail, I
have started to think that our codes are not highly but moderately
valuable.  Therefore, I am satisfied, by using .pyc files.  I am not
very affraid of determined hackers from outside because they will not
understand the usage of my application and a hardcopy of the codes will
always be in my handbag.

Best Regards
Ferruh Kayhan 

-----Original Message-----
From: michael.langford at gmail.com [mailto:michael.langford at gmail.com] On
Behalf Of Michael Langford
Sent: Monday, January 14, 2008 5:33 PM
To: Ferruh KAYHAN
Cc: tutor at python.org
Subject: Re: [Tutor] Read protection of python files for Abaqus

I know there are a lot of people who are very much for code openness in
all cases. I'm from a couple worlds that's not even something you'd
think about doing (military software, where people die if the other side
gets your code, and embedded software, where a company in china copies
your design and puts you out of business), so you have to work within
this sometimes. That said, many companies *vastly* overvalue their code
base, especially the great balance of it, when really 4-10 modules are
the only valuable parts.

There are obfuscators that generally work for python and then only
shipping .pyc files (as someone suggested above) helps as well.

If the code really is that valuable, I doubt you're going to be able to
hide it well enough a determined, an attacker with a skill level equal
to many of the people on this list, couldn't extract your algorithms.
I'm am not saying .NET is any more secure in that than python is either.
Just introspective languages (Java too), have this issue where they're
quite a bit easier to reverse engineer.

Assuming its only moderately valuable, then the steps above should be
enough.

You may think about isolating the highly valuable algorithm in a C
module then highly optimizing it and running a stripper on it. Then
connect it up to your python code with SWIG. That will defeat the
introspection attacks (they'll only be able to see the interface of the
C module), and the high levels of optimization in the C code (which you
should strip) will hide the algorithm further.

Another possibility is refactoring your algorithm into a code generating
utility which you don't let leave your facility. The generated code will
work, but is not reverse engineerable, as its just something like a
massive lookup table, or a series of decomposed functions.

I've been the guy attacking code before. It all boils down to the
safe/lock issue: Locks and safes aren't there to keep people out
forever, every good lock and safe has an amount of time they expect to
keep people out. You have to have a security guard or something else at
that point to safeguard your valuables. Pick locks that are good enough,
and try to remove the incentives and abilities to break in other ways.

            --Michael

PS: I would like to point out. These other people will be able to
*call* your highly proprietary code no matter what you do. So if nothing
else, a determined attacker can just call your code again without
understanding it.
--
Michael Langford
Phone: 404-386-0495
Consulting: http://www.RowdyLabs.com


On 1/14/08, Ferruh KAYHAN <fkayhan at rcstr.com> wrote:
> Dear Sir;
> Thank you for your reply.  Oftenly, especially in industrial
companies,
> codes are becoming very valuable and owner of the company likes to
keep
> that value as confidential in order to protect the company
> competitivness.  Somr times, professionals are leaving companies and
> starting new jobs in competitor companies.  Therefore, protecting some
> codes are becoming important.
>
> So in our case, we are not trying to stop anybody learning python
> language but we are trying to protect what we are doing with python.
>
> I hope my reply is sufficient.
>
> Regards
>
> -----Original Message-----
> From: bhaaluu [mailto:bhaaluu at gmail.com]
> Sent: Monday, January 14, 2008 3:25 PM
> To: Ferruh KAYHAN
> Cc: tutor at python.org
> Subject: Re: [Tutor] Read protection of python files for Abaqus
>
> Greetings,
> On Jan 14, 2008 3:17 AM, Ferruh KAYHAN <fkayhan at rcstr.com> wrote:
> > Dear Sirs;
> > Good morning.
> > I do not like abaqus users will read my python file codes.  How can
I
> > protect my codes from reading ans still workable by Abaqus import??
> >
> > Best Regards
> > Ferruh Kayhan
>
> <quote source=wikipedia?ABAQUS>
> Abaqus is widely used in the automotive, aerospace, and industrial
> products industries. The package is very popular with academic and
> research institutions ...
> These software products, especially Abaqus/CAE, extensively use the
> open-source scripting language Python for scripting and customization.
> </quote>
>
> Don't academics and researchers thrive on sharing information?
> Also, this forum is geared towards learning Python, and sharing source
> code is encouraged in order to obtain help.
>
> Also, "many eyes" can find and fix bugs in your scripts, as well as,
> others may find the scripts useful: ie. research can advance more
> quickly.
>
> Is there a particular reason why you don't want others to see your
> Abaqus Python scripts?
>
> Just curious.
> --
> b h a a l u u at g m a i l dot c o m
> _______________________________________________
> Tutor maillist  -  Tutor at python.org
> http://mail.python.org/mailman/listinfo/tutor
>

More information about the Tutor mailing list