The RAppArmor Package: Enforcing Security Policies in R Using Dynamic Sandboxing on Linux

TL;DR

The paper introduces RAppArmor, a Linux-based package that enforces security policies in R by implementing dynamic sandboxing, addressing security concerns in shared and cloud environments for R applications.

Contribution

It presents a novel Linux-based sandboxing package for R, enhancing security in shared and cloud computing environments.

Findings

RAppArmor effectively isolates R processes in shared environments.

The package enables dynamic security policy enforcement.

It improves security without significantly impacting performance.

Abstract

The increasing availability of cloud computing and scientific super computers brings great potential for making R accessible through public or shared resources. This allows us to efficiently run code requiring lots of cycles and memory, or embed R functionality into, e.g., systems and web services. However some important security concerns need to be addressed before this can be put in production. The prime use case in the design of R has always been a single statistician running R on the local machine through the interactive console. Therefore the execution environment of R is entirely unrestricted, which could result in malicious behavior or excessive use of hardware resources in a shared environment. Properly securing an R process turns out to be a complex problem. We describe various approaches and illustrate potential issues using some of our personal experiences in hosting public web services. Finally we introduce the RAppArmor package: a Linux based reference implementation for dynamic sandboxing in R on the level of the operating system.