Published by the Foundation for Open Access Statistics
Editors-in-chief: Bettina GrĂ¼n, Edzer Pebesma & Achim Zeileis    ISSN 1548-7660; CODEN JSSOBK
The RAppArmor Package: Enforcing Security Policies in R Using Dynamic Sandboxing on Linux | Ooms | Journal of Statistical Software
Authors: Jeroen Ooms
Title: The RAppArmor Package: Enforcing Security Policies in R Using Dynamic Sandboxing on Linux
Abstract: The increasing availability of cloud computing and scientific super computers brings great potential for making R accessible through public or shared resources. This allows us to efficiently run code requiring lots of cycles and memory, or embed R functionality into, e.g., systems and web services. However some important security concerns need to be addressed before this can be put in production. The prime use case in the design of R has always been a single statistician running R on the local machine through the interactive console. Therefore the execution environment of R is entirely unrestricted, which could result in malicious behavior or excessive use of hardware resources in a shared environment. Properly securing an R process turns out to be a complex problem. We describe various approaches and illustrate potential issues using some of our personal experiences in hosting public web services. Finally we introduce the RAppArmor package: a Linux based reference implementation for dynamic sandboxing in R on the level of the operating system.

Page views:: 3667. Submitted: 2012-08-03. Published: 2013-11-13.
Paper: The RAppArmor Package: Enforcing Security Policies in R Using Dynamic Sandboxing on Linux     Download PDF (Downloads: 3503)
Supplements:
RAppArmor_1.0.0.tar.gz: R source package Download (Downloads: 321; 403KB)
v55i07.R: R example code from the paper Download (Downloads: 317; 4KB)

DOI: 10.18637/jss.v055.i07

by
This work is licensed under the licenses
Paper: Creative Commons Attribution 3.0 Unported License
Code: GNU General Public License (at least one of version 2 or version 3) or a GPL-compatible license.