PACE: Privacy-aware Cloud Ecosystems

With increasing take up of externally provisioned and managed services (from government, finance, entertainment), often hosted over Cloud computing infrastructure, there is a realisation that on-line electronic services can involve an interlinked range of providers. Gartner forecasts that cloud computing market will grow at a compound annual growth rate of 32% (2016-2019), with the potential for additional providers to emerge in the market place. Ofcom's "Communication Market Report" indicates total UK telecoms business revenue were 37.5bn in 2015, indicating significant contribution of mobile services to the UK economy. With the availability of additional mobile services and infrastructure, there is interest in new business models that can facilitate additional subscribers to make use of these services. However, from a user's perspective, trust in the use of these services remains limited, as highlighted in the Pew Research Centre report ("The Fate of Online Trust in the Next Decade", August 2017), which surveyed 1,233 respondents - 24% of these respondents predicted that trust in on-line services is likely to diminish over time. The report revealed that although billions of people use "cellphones" and the internet now, many still do not use that connectivity for shopping, banking, and other important transactions due to limited trust in on-line providers. Some of the respondents surveyed indicated that the use of new technology (such as Blockchains) and regulatory compliance (and industry changes) will help increase trust in on-line services.

As more people move online globally over the next decade, both opportunities and threats grow. It is now likely that due to the wide adoption of Cloud based provisioning, some of these mobile services will exist at the network edge. Consider, for instance, a coffee chain that initially provided Wifi services to customers, now working in collaboration with data centre providers to offer additional services to users (e.g. edge data storage, multimedia caching, etc). Such scenarios have been proposed by a number of organisations involved in Mobile Edge Computing (e.g. the European ETSI and the NIST "Big Data" Working Group). This project addresses security and privacy requirements of such environments, where multiple Cloud computing providers need to work collaboratively to offer services to a user. Users of these services only interact with a Web interface rather than the larger, distributed service ecosystem, and are often unfamiliar with the "ecosystem" of providers that are involved in offering them a particular capability. Their visibility beyond the first service provider is often missing, requiring them to "trust" the provider in handling and managing their data. This is a significant challenge, and according to a recent report from the Pew Research Centre, often deters the use of on-line services (especially for data providers which are new in the market place).

They often entrust their data and identity without realising that the service provider may share their data with several back-end services (Cloud hosted analytics, advertisers). While this has been a problem in the past, it will be greatly exacerbated by the expansion of internet connected devices. In order to address this, the General Data Protection Regulation (GDPR) will be implemented to ensure that non-expert users can make informed decisions about their privacy and thereby give 'informed consent' to the use, sharing and re-purposing of their personal data. There are a number of challenges to facilitating this, both for individuals who need to provide consent and for data controllers who need to obtain it. As a means of addressing this, we propose a technological solution in the form of a mobile software "container" that will ensure that all access instances are securely logged. This will improve transparency, enable an audit trail of providers and facilitate greater trust between users and service providers.

The proposed project addresses cutting edge research problems with immediate economic benefits. We seek transformational impact on the target scientific community, while benefiting users in multiple sectors (core ICT, industry process management, and law) who deal with cloud services. We adopt a multi-faceted impact strategy, which will involve the following strands:

1. We will demonstrate the societal and industrial impact of the research by showcasing the development and implementation of real-world use cases made available by industry partner such as the Airbus Group.

2. We will establish an International Advisory Board involving industrial and academic leaders, to support and foster end user engagement, feedback, dissemination and exploitation.

3. We will jointly develop an industrial technology transfer strategy through our industry partners including Flexiops, T-Systems, and Simudyne.

4. We will jointly showcase the outcomes of the project to developers and practitioners in industry with the Data Innovation Research Institute, Cardiff, National Innovation Centre for Data, Newcastle, and PETRAS IoT Hub via Cardiff/UCL.

5. We will enhance academic impact by disseminating research results through papers in high quality conferences and journals, such as IEEE Trans. on Cloud Computing, IEEE Trans. on Services Computing, IEEE Trans. on Parallel and Distributed Systems, ACM CCS, IEEE/ACM CCGRID, etc.

6. We will build a community of practice around the techniques (e.g. Blockchain based immutable recording and container-based event management) developed in this project by making the resultant software framework accessible in Open Source form.

7. We will maximise national economic benefits from public investment in research through liaison with research commercialisation offices at Cardiff, Newcastle, and UCL.

8. We will enrich existing teaching and research programs at Cardiff, Newcastle, and UCL in the cross-disciplinary field of research targeted by this proposal.

9. We will bridge the gap between technology, law and public policy to fully explore the challenges of consent in data flows for the promotion of a resilient society and economy in the UK.

The research is supported by strategic industry partners:
(a) Airbus Group Limited: multinational corporation that designs, manufactures, and sells aeronautical, access to multi-cloud hosted application service for fleet maintenance, logistics, and supply chain; supporting strands 1, 2; (b) Flexiops: pioneers in developing cloud and IoT software platform, feedback on research directions and milestones; supporting strands 2, 3, 4; (c) T-Systems: expertise in production-scale cloud and experience in investigating migration of organisations to cloud computing, feedback on research directions and milestones; supporting strands 2, 3, 4; (d) Simudyne: expertise in developing cloud-based computational simulation models targeting diverse sectors, feedback on research directions and milestones, supporting strands 2, 3, 4. (e) Muckle LLP: UK's leading solicitor firm, feedback on research directions and milestones, supporting strands 2, 3, 4.

The project will also maintain a web and social media presence, and disseminate the outcome of the work through interaction with local organisations at both Newcastle, Cardiff and UCL through our existing collaborations (such as Newcastle University's Digital Institute (http://www.ncl.ac.uk/digitalinstitute/), Cardiff University's Data Innovation Institute/Innovation Network (http://www.cardiff.ac.uk/data-innovation-research-institute)).