Vulnerability in federated analysis software

Today, the University of Bonn presented a poster at the International Conferences for Systems Biology detailing a mathematical vulnerability in federated analysis software whereby data leakage may occur via deliberate misuse of covariance information by an authenticated data analyst. DataSHIELD is one such federated system that is susceptible to this attack.

Prior to presenting this information publicly, the DataSHIELD Advisory Board and other senior members of the Community were informed about this issue so that ways of further mitigating disclosure risk when using DataSHIELD could be addressed. A detailed statement containing this information will be released in the next few days; it is important to note, however, that such leakage can only occur by a logged in analyst acting with malicious intent, and will be recorded in DataSHIELD logs.

The full vulnerability will be presented at the DataSHIELD conference by Manuel Huth on Friday 21st October online and in Barcelona. For those who wish to know more about the details, registration for the conference has been extended and you can sign up here:

Dr. Andrei Morgan
DataSHIELD Advisory Board Chair

Professor Jan Hasenauer
University of Bonn, Faculty of Mathematical and Natural Sciences, Bonn, Germany
Institute of Computational Biology, Helmholtz Zentrum München München-German Research Center for Environmental Health, Neuherberg, Germany