I have my own trading system written in C#, and I use it to analyze strategies and do auto-trading. In general, this trading system is only used by myself, but sometimes I have to let someone else to take care my position and operate this system. In this case, it has a risk about reverse engineering, because .Net assemblies are easy to be decompiled. So anyone know how could I do to protect my code and meanwhile it could be used by others? I think every CTAs or Hedge Funds have some staffs to monitor and operate their systems. I'm curious how they protect their code from being decompiled. Any thoughts or suggestions? Thanks a lot.
You can use code obfuscation to make decompiling a more difficult exercise. http://msdn.microsoft.com/en-us/magazine/cc164058.aspx
You have to firewall your signal generator + it's source code somehow. Here are a couple of ideas (in addition to obfuscation): 1. One idea, if your workplace permits it, is to run the code on your home / hosted external system, which your co-workers cannot access, and only connect to it from your work machine to get the signals. The problem with this arrangement, even if your workplace allows it, is probably market data access on your home pc and/or latency in case you are doing something high frequency-ish. 2. TrueCrypt file system in a file : Use a long password and store all your source code on a virtual file system protected by TrueCrypt.
This site has a lot of information about it http://stackoverflow.com/questions/506282/protect-net-code-from-reverse-engineering I would not worry about some decompiling your code. Even if they do, most people cannot stand running a system on their own money.
Thanks all for your suggestions. I might take TigerBalm's first idea cause I would like to build up a Client-Server structure. Server is managed to generate signals, and Client is managed to receive and execute signals.
Thanks for that link. It's nice to read posts from educated users on that site. Just can't believe the OP would make this post, especially after coding something in C derivative. I have never made an application in C#, though I've read a bunch on most major languages, created a few PHP scripts, and I know that whatever you make can be unmade when it comes to computers...
Having worked at an investment bank and hedge fund it is largely about trust and a really nasty work contract. However, if you are concerned there is a really simple solution. Put it in the cloud and lock down permissions. I know that Amazon EC2 is a full blown Windows Server instance and with it you can let people look, but not decompile...
What you need is Xenocode postbuild. It builds the C# code into a native executable which doesn't require .Net at all to run, plus it has very good obfuscation so even if that was decompiled it would be almost impossible to figure out.
just use Ninjatrader and give the other person the assembly protected with CliSecure.....problem fixed!!!!