On BioLib, protection of data is the highest priority, and we always apply verifiable zero-knowledge data security.
Specifically, no information about the input data, or the result of the analysis, is ever revealed to the application
developer, BioLib, or any other third-party. This is achieved by leveraging a combination of client-side execution and
end-to-end encrypted cloud computing.
When running applications using client-side execution, BioLib's infrastructure leverages the WebAssembly standard, which
is compatible with most modern browsers, to turn your computer into a secure 'sandboxed' execution environment. The
program code is sent to your machine, where it will be executed locally with your private input.
When running applications using client-side execution, the analysis algorithm is sent to the end-users' machine, where
it is executed in an isolated sandbox environment. No data can leave the PC without the user's authorization.
Client-side execution offers you as an end-user the highest possible level of data security as no data can leave the
local sandbox on your machine. Hence, your data stays secure within your PC and nobody - neither the application
developer, BioLib, nor third-party code providers - will be able to access your data. For more documentation on the Web
Assembly standard, visit webassembly.org.
Encrypted Cloud Execution
When running applications using BioLib's Encrypted Cloud, the analyses run on a remote server managed by BioLib. Your
data is encrypted client-side and then uploaded to special hardware called a Secure Enclave. The analysis is executed,
and the result is encrypted inside the enclave before it is returned to your PC. Neither the analysis developer nor
BioLib ever has access to your data.
Secure Enclaves are purpose-designed hardware that can verify that particular pieces of code have been executed on them.
Leveraging this capability and running an open-sourced host application, it can be verified that input data and results
of a given analysis can only be returned to the data-owner. This means that no-one - neither the application developer,
BioLib, nor the cloud service provider - will be able to access the input data or the results of the analysis.
Still have a question?
If you have any questions that you can't find an answer to above, please reach out to the BioLib community.