Galaxy is an open-source, web-based application for performing data-intensive biomedical research. It combines common software tools and data workflows to give researchers who lack an informatics platform an accessible, easy-to-use interface that abstracts the complexity of interacting with compute resources. Galaxy provides a free, public, internet-accessible instance at https://usegalaxy.org, utilizing infrastructure provided by CyVerse at the Texas Advanced Computing Center, with support from the National Science Foundation. Galaxy can also be installed and run locally at sites, or run in the cloud, providing flexibility for deployment, custom security requirements, and compute availability. The Galaxy Project is supported in part by NSF, NHGRI (National Human Genome Research Institute), The Huck Institutes of the Life Sciences, The Institute for CyberScience at Penn State, and Johns Hopkins University. The Galaxy Team is a part of the Center for Comparative Genomics and Bioinformatics at Penn State, the Department of Biology at Johns Hopkins University, and the Computational Biology Program at Oregon Health & Science University.
The overall goal is for Trusted CI to work with Galaxy to review the current security practices of the Galaxy project's container-based deployments and provide recommendations to ensure safe handling, processing, and storage of data. To that end, Trusted CI will focus on the following activities:
Review Galaxy components and their interactions to gain a detailed understanding of the overall security architecture and data workflow, while generating updated architecture diagrams.
Evaluate Galaxy against NIST 800-53 and determine where controls need to be implemented.
Conduct a HIPAA gap analysis to identify any areas needing additional safeguards. Provide guidance on processes and tools needed to fill any gaps identified.
Provide guidance on processes and tools required to fill these gaps.
Time permitting: Review the architecture and implementation of usegalaxy.org and make recommendations for improving security.