The Case for Security in Bioinformatics


By Christopher Frenz

April 12, 2007 |  In the past two decades, connectivity to networked resources has transformed the way that businesses and retailers operate.  As in the business world, the bioinformatics arena is reveling in electronic data exchange. PubMed boasts more than 16 million biomedical abstracts, and GenBank houses more than 61 million biological sequences.

In addition to networked data repositories, there is a plethora of Web applications, ranging from search tools (e.g., BLAST) to applications for calculating amino-acid ionization states (e.g., H++) and identifying protein domains (e.g., SMART). The Web also helps disseminate bioinformatics software, much of it open source, through sites such as Bioinformatics.org and SourceForge.

The widespread distribution of scientific data and tools is invaluable to researchers. Yet although these resources are vulnerable to the same threats that plague their commercial counterparts, security is rarely discussed in the bioinformatics community.

Should developers or distributors of bioinformatics applications be required to make security considerations an essential element of their development or hosting process? While there have been no reports of widespread abuse of scientific computing resources to date, the potential for such abuse does exist.

Threat Assessment
The strict integration of security within bioinformatics application development (including hosted databases) complicates the process, adding time to development and potentially delaying availability (in extreme cases security concerns can halt release). Moreover, accessing certain data sets or interacting with certain utilities may become more complicated in order to ensure that security measures are properly met. On the user end, time and effort must be spent evaluating the safety of a utility rather than implicitly trusting it. These security considerations can interfere with, or compete with, scientific research for available resources. But what could happen if security measures are not tightly integrated into our application development efforts and usage?

A major threat to Web databases and applications is the Denial of Service (DoS) attack, which renders networked resources unavailable to users. Such attacks could seriously hamper research efforts, particularly as many bioinformatics utilities use Web services or APIs to access content, and a failure to retrieve such content could interfere with an entire application pipeline.

While DoS attacks are not uncommon, scientific databases are subject to more insidious attacks, such as the submission of a faulty record or the alteration of an existing record to contain faulty information (Web database), or the malicious return of faulty results (Web application). The hidden presence of faulty records can waste both time and money, while a Web application security breach could hinder research. When dealing with medical applications, the stakes could be even higher.

Furthermore, pharming scams could be applied to hosted bioinformatics databases and applications, where detailed logging of user requests and data submissions could potentially be used as a form of industrial espionage. By closely monitoring submitted data and requests along with IP addresses, it could be possible to gain insights into the research activities of other laboratories.

Web-based hosting and distribution of source code and executables introduces important security considerations, including the possibility that an application may be used as a Trojan horse, a malicious purpose concealed behind some seemingly useful functionality. This malicious functionality could damage files or applications or be used for espionage by sending data located on the computer or entered into the application to a remote site.

Here the open source nature of much bioinformatics application development offers both advantages and disadvantages. The ability for anyone to read the code associated with the application can make such breaches easier to spot, but the community-based approach to development can also facilitate such breaches into the application source, since a security flaw could be added by the incorporation of a submitted patch or enhancement.  

Potential security breaches introduced by application installation need not be malicious; numerous applications have been released that contained inadvertent security flaws, such as buffer overflows. Bioinformatics applications could introduce similar security vulnerabilities, particularly when developers do not take the possibility into consideration. Users of bioinformatics software should evaluate any downloaded application for security flaws, intentional or not, before use.

I would like to see the bioinformatics community establish a set of security-related guidelines for bioinformatics practitioners and software developers now, before such exploits become commonplace.

Such guidelines need not be drastically different from general information security recommendations. The key would be to find the proper balance between time and resources spent implementing security and that spent advancing the scientific body of knowledge.

Christopher Frenz is at the Dept. Computer Engineering Technology, New York City College of Technology, Brooklyn, New York. Email: cfrenz@gmail.com.
