Secure and Privacy-preserving Genome-wide and Phenome-wide Association Studies via Intel Software Guard Extensions (SGX)

通过英特尔软件防护扩展 (SGX) 进行安全且保护隐私的全基因组和全表型关联研究

• 批准号: 10269896
• 负责人: HAIXU TANG
• 金额: $ 34.77万
• 依托单位: TRUSTEES OF INDIANA UNIVERSITY
• 依托单位国家: 美国
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-08-09 至 2023-05-31
• 项目状态: 已结题
• 来源: https://reporter.nih.gov/project-details/10269896
• 关键词: Address; Administrator; Agreement; Algorithms; Attention; Beds; Biomedical Computing; Biomedical Research; Code; Collaborations; Communities; Computer software; Consumption; Custom; Data; Data Analyses; Data Protection; Data Security; Data Storage and Retrieval; Databases; Disease; Environment; Genome; Genomics; Health; Human; Individual; Industrialization; Institution; Mainstreaming; Memory; Metadata; Methods; Operating System; Outsourcing; Patients; Phenotype; Privacy; Privatization; Process; Research; Research Personnel; Resources; Retrieval; Risk; Running; Secondary to; Secure; Security; Side; Stream; System; Techniques; Technology; Testing; Trust; Variant; Vendor; base; case control; cohort; computer studies; cryptography; data dissemination; data format; data sharing; database of Genotypes and Phenotypes; design; direct application; disease phenotype; encryption; genome wide association study; genome-wide; genomic data; human genomics; improved; indexing; interest; large datasets; novel; open source; patient privacy; phenome; phenotypic data; privacy preservation; rapid growth; scale up; screening; secondary analysis; sharing platform; transmission process; vector; whole genome

With the rapid growth of the data volume (e.g., human genomic data) collected in biomedical research, data protection, in particular for patients’ privacy in secondary uses of these data, has attracted much attention recently. Today, a vast majority of sensitive biomedical data, including individual human genomic data and their associated health metadata, are shared only through controlled-access databases (e.g. dbGaP) and biomedical researchers are required to sign a user agreement before getting access to these data. Security research has already produced a suite of techniques that can serve the general purpose of privacy-preserving computation; their direct applications are, however, too expensive (in terms of resource consumption) for real-world biomedical applications. An alternative solution is hardware-assisted Trusted Execution Environment (TEE) solutions developed or being developed by both hardware vendors (Intel, AMD, ARM) and the open-source research community. A prominent example is Intel’s Software Guard Extension (SGX), which is available as a feature in Intel's mainstream CPUs (i.e., Skylake and Kaby Lake). In this project, we plan to explore potential applications of TEE to two popular genome computation tasks involving sensitive biomedical data, i.e., the genome-wide and phenome-wide association studies. For GWAS, a secondary research user may collect genomic sequences (in encrypted form) with (cases) or without (controls) a disease phenotype from multiple data owners, on which association tests or advanced GWAS algorithms can be conducted within the SGX enclave. Similarly, for PheWAS, a user may collect phenotype data from individuals whose genomes containing (case) or not containing (control) one or more specific variations. We will address two issues when developing these approaches: 1) we will customize GWAS/PheWAS algorithms for efficient execution in the TEE with limited resources (e.g, memory, I/O, etc), and 2) we will develop new genome computing outsourcing and data sharing platforms suing the SGX techniques, and further understand and mitigate its potential side-channel risks with regards to GWAS/PheWAS computing tasks. The proposed research will lead to a practical solution for secure GWAS and PheWAS in three application scenarios: 1) secure outsourcing: a research institution collects matched genomic and phenotypic data from a large cohort of case and control individuals, and outsources the storage of these data and potential repeated GWAS and PheWAS computation to a public or commercial cloud; 2) secure collaboration: a consortium of researchers across multiple institutions attempt to collaborate on a large GWAS/PheWAS study using the data collected by each participating institution; and 3) secure data sharing: researchers want to share their data with a broad biomedical research community so that potential data users may conduct a secondary GWAS/PheWAS analysis.

随着数据量的快速增长（例如，人类基因组数据）， 数据保护，特别是患者在二次使用这些数据时的隐私， 注意最近。今天，绝大多数敏感的生物医学数据，包括个体人类， 基因组数据及其相关的健康元数据仅通过受控访问共享 数据库（如dbGaP）和生物医学研究人员需要签署用户协议， 获取这些数据安全研究已经产生了一套技术， 服务于隐私保护计算的一般目的;然而， 对于现实世界的生物医学应用来说太昂贵（就资源消耗而言）。 另一种解决方案是开发硬件辅助的可信执行环境（TEE）解决方案 或者由硬件供应商（Intel、AMD、ARM）和开源研究开发， 社区一个突出的例子是英特尔的软件保护扩展（SGX），它可以作为 英特尔主流CPU中的功能（即，Skylake和Kaby Lake）。在这个项目中，我们计划探索 TEE在两个流行的基因组计算任务中的潜在应用， 数据，即，全基因组和全表型关联研究。对于GWAS，一项二级研究 用户可以收集有（病例）或无（对照）疾病的基因组序列（以加密形式 多个数据所有者的表型，关联测试或高级GWAS算法可以 在SGX飞地内进行。类似地，对于PheWAS，用户可以从 基因组包含（病例）或不包含（对照）一个或多个特定变异的个体。 在开发这些方法时，我们将解决两个问题：1）我们将定制GWAS/PheWAS 在有限资源（例如，存储器、I/O等）的TEE中有效执行的算法，以及2）我们 将利用SGX技术开发新的基因组计算外包和数据共享平台， 并进一步了解和缓解其与GWAS/PheWAS相关的潜在侧通道风险 计算任务。所提出的研究将为安全的GWAS和PheWAS提供实用的解决方案 在三种应用场景中：1）安全外包：研究机构收集匹配的基因组 和表型数据从一个大的队列的情况下，控制个人，并外包存储 这些数据和潜在的重复GWAS和PheWAS计算到公共或商业云; 2)安全协作：跨多个机构的研究人员联盟试图协作 使用每个参与机构收集的数据进行的大型GWAS/PheWAS研究;以及3） 安全的数据共享：研究人员希望与广泛的生物医学研究社区共享他们的数据 以便潜在的数据用户可以进行二次GWAS/PheWAS分析。