Safety and Security

Throughout the entire life cycle of SPADE's research, development, and operation, the XJTLU-Software team at XJTLU has always placed security protection at the core of its strategic priorities.


SPADE Website Database and User Privacy & Security

Multi-dimensional Security Framework

Throughout the entire life cycle of SPADE's research, development, and operation, the XJTLU-Software team at Xi'an Jiaotong-Liverpool University (XJTLU) has always placed security protection at the core of its strategic priorities. In particular, we have built a multi-dimensional, end-to-end security framework covering three key domains: user data privacy protection, compliant application of artificial intelligence, and biosafety risk management.

1.1 User Privacy & Security


User privacy protection is one of the core design principles of the SPADE database (an antimicrobial peptide database). To ensure data security from the very outset, we strictly comply with the Data Security Law, the Personal Information Protection Law, and iGEM's relevant data standards throughout the database's entire life cycle. Privacy protection is embedded into every stage of architecture design, functional development, and data processing.

To minimize transmission risks, SPADE provides users with flexible deployment options: an offline version of the database can be obtained via the official iGEM community and installed on local servers or personal devices. This local deployment mode avoids uploading user data to external servers, thereby eliminating potential leaks or tampering during data transmission and storage—forming the first line of defense for user privacy.

Beyond transmission, data source security is equally vital. In the stages of data acquisition and model training, SPADE enforces strict access and review mechanisms: only authorized antimicrobial peptide datasets are used (including anonymized public academic databases and compliant data provided by partner institutions). All data sources undergo legal compliance checks (e.g., under the Data Security Law) and ethical reviews to ensure that data collection and usage fully comply with legal and research ethics standards. This guarantees security and reliability at the source.

1.2 Data Reliability


Given the sheer volume of large-scale databases, not every antimicrobial peptide entry can be manually verified for quality. To address this, SPADE adopts multiple measures to ensure data integrity. For instance, in cases of conflicting data across databases, references to published literature are prioritized as the primary source. If literature is unavailable, a unified gold standard is established based on Biopython libraries and quantitative scoring.

Furthermore, by filtering for high-quality antimicrobial peptide data, SPADE constructs the AMPOS dataset, which serves as the ground truth for neural network training. The AOMM model (SPADE's core algorithmic framework) and the AMPOS dataset are hosted on the authoritative platform Hugging Face. Users can securely access model parameters, training datasets, and related files via Hugging Face's official Python library and API, ensuring reliable and safe data transmission.

1.3 Software Security


SPADE employs a full-chain, multi-layer defense system, fortifying security from access points to core data.

Access Control

The first security layer applies fine-grained restrictions based on IP, region, or ASN. It blocks malicious traffic, supports partner whitelisting, and applies differentiated rules between production and development environments, ensuring that non-public resources remain accessible only internally.
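The layered check described above can be modelled as follows. This is an added example, not SPADE's own code or configuration: the policy layout, the allowlist-before-blocklist ordering, the `decide` function and all networks, ASNs and region codes are assumptions built from documentation-reserved values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    ip: str       # source address as seen at the edge
    country: str  # ISO 3166-1 alpha-2, assumed resolved upstream
    asn: int      # origin ASN, assumed resolved upstream

# Constructed policy: documentation ranges (RFC 5737/3849) and ASNs (RFC 5398).
POLICY = {
    "production": {
        "allow_nets": ["198.51.100.0/24"],  # partner allowlist
        "block_nets": ["203.0.113.0/24"],
        "block_asns": {64496},
        "block_countries": {"ZZ"},          # placeholder region code
        "default": "allow",                 # public site
    },
    "development": {
        "allow_nets": ["192.0.2.0/28", "2001:db8::/48"],  # internal ranges
        "block_nets": [], "block_asns": set(), "block_countries": set(),
        "default": "deny",                  # non-public: internal only
    },
}

def _matches(addr, nets):
    # A v4 address is never "in" a v6 network (and vice versa), so mixing is safe.
    return any(addr in ipaddress.ip_network(n) for n in nets)

def decide(env: str, req: Request) -> str:
    """Return "allow" or "deny" for a request in the given environment."""
    rules = POLICY[env]
    try:
        addr = ipaddress.ip_address(req.ip)
    except ValueError:
        return "deny"  # unparseable source address: fail closed
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so IPv4 rules still apply.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if _matches(addr, rules["allow_nets"]):
        return "allow"  # allowlist is evaluated first (assumed ordering)
    if (_matches(addr, rules["block_nets"])
            or req.asn in rules["block_asns"]
            or req.country.upper() in rules["block_countries"]):
        return "deny"
    return rules["default"]
```

The development profile defaults to deny, so anything outside the internal ranges is refused even when no block rule matches; the IPv4-mapped unwrap keeps an IPv4 block rule from being sidestepped by an IPv6-formatted source address.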

Application Layer

A Web Application Firewall (WAF) intercepts threats such as SQL injection and XSS following OWASP Top 10 and CRS rules. It supports both proactive blocking during critical operations and passive monitoring during debugging. Thresholds and rule levels are adjustable to reduce false positives.

DDoS Protection

Leveraging a global Anycast edge network, SPADE's DDoS protection covers layers L3/4 to L7. Combined with AI-driven traffic analysis, it identifies and mitigates abnormal requests. For example, during the CVE-2023-44487 incident, SPADE updated its full defense chain within 12 hours.

At the infrastructure level, SPADE enforces TLS 1.2+ encryption (with TLS 1.3 prioritized), AES-256 encryption for data transmission and storage, and automatic configuration/renewal of Let's Encrypt certificates. Only pre-rendered static resources are stored on edge nodes, reducing the attack surface.

From a compliance standpoint, SPADE meets standards such as ISO 27001 and PCI DSS, as well as legal frameworks including GDPR and CCPA. Internal access control supports SAML-based SSO and RBAC authorization, enhanced by a security scorecard system for optimized configurations.

For operations and monitoring, SPADE enables custom rate-limiting, request blocking, and redirection policies. A detailed logging system records access behavior, while monitoring dashboards assist in auditing and performance tuning. Defense rules can be managed in bulk, and a visual interface simplifies configuration. Edge functions allow real-time request handling, boosting both security and performance simultaneously.