Title: Computer Security Risks in DNA-Information Systems
Advisor: Yoshi Kohno
Supervisory Committee: Yoshi Kohno (Chair), Jay Shendure (GSR, Genome Sciences), Franziska Roesner, Luis Ceze, and Michael Calo (School of Law)
Abstract: Advances in biotechnology have made DNA manipulation and information processing nearly ubiquitous. It is now an essential tool in many fields including medicine, genomics, forensics, and bioengineering. DNA technology increasingly resembles information technology: DNA, like any form of information, can be read (sequenced), written (synthesized), analyzed (with bioinformatics utilities), and stored (in genetic databases). The recent integration of DNA and computer systems -- which I call DNA-information systems -- raises new security concerns. I hypothesize that DNA-information systems will be vulnerable to attacks that are common in computer systems. Some of these attacks include the processing of untrusted or unsanitized DNA input by vulnerable computer programs, leveraging information side-channel vulnerabilities to leak information or corrupt results, and spoofing DNA when it is used for identity or authentication. In this thesis proposal I explore the emerging risks in DNA-information systems. I describe work I have done demonstrating that physical DNA molecules can encode malicious computer code that can be used to exploit computer systems if that DNA is sequenced and processed by vulnerable analysis programs. I also show that side-channel vulnerabilities in next-generation sequencing instruments can be used to maliciously modify the genetic interpretation of other genomic samples. Finally, I discuss future work exploring the security of DNA forensics systems.