Cloud computing promises to revolutionise how companies, research institutions and government organisations, including the National Health Service (NHS), offer applications and services to users in the digital economy. By consolidating many services as part of a shared ICT infrastructure operated by cloud providers, cloud computing can reduce management costs, shorten the deployment cycle of new services and improve energy efficiency. For example, the UK government's G-Cloud initiative aims to create a cloud ecosystem that will enable government organisations to deploy new applications rapidly, and to share and reuse existing services. Citizens will benefit from increased access to services, while public-sector ICT costs will be reduced. Security considerations, however, are a major issue holding back the widespread adoption of cloud computing: many organisations are concerned about the confidentiality and integrity of their users' data when hosted in third-party public clouds. Today's cloud providers struggle to give strong security guarantees that user data belonging to cloud tenants will be protected "end-to-end", i.e. across the entire workflow of a complex cloud-hosted distributed application. This is a challenging problem because data protection policies associated with applications usually require the strict isolation of certain data while permitting the sharing of other data. As an example, consider a local council with two applications on the G-Cloud: one for calculating unemployment benefits and one for receiving parking ticket fines, with both applications relying on a shared electoral roll database. How can the local council guarantee that data related to unemployment benefits will never be exposed to the parking fine application, even though both applications share a database and the cloud platform? The focus of the CloudSafetNet project is to rethink fundamentally how platform-as-a-service (PaaS) clouds should handle security requirements of applications. The overall goal is to provide the CloudSafetyNet middleware, a novel PaaS platform that acts as a "safety net", protecting against security violations caused by implementation flaws in applications ("intra-tenant security") or vulnerabilities in the cloud platform itself ("inter-tenant security"). CloudSafetyNet follows a "data-centric" security model: the integrity and confidentiality of application data is protected according to data flow policies -- agreements between cloud tenants and the provider specifying the permitted and prohibited exchanges of data between application components. It will enforce data flow policies through multiple levels of security mechanisms following a "defence-in-depth" strategy: based on policies, it creates "data compartments" that contain one or more components and isolate user data. A small privileged kernel, which is part of the middleware and constitutes a trusted computing base (TCB), tracks the flow of data between compartments and prevents flows that would violate policies. Previously such information flow control (IFC) models have been used successfully to enhance programming language, operating system and web application security. To make such a secure PaaS platform a reality, we plan to overcome a set of research challenges. We will explore how cloud application developers can express data-centric security policies that can be translated automatically into a set of data flow constraints in a distributed system. An open problem is how these constraints can be tied in with trusted enforcement mechanisms that exist in today's PaaS clouds. Addressing this will involve research into new lightweight isolation and sand-boxing techniques that allow the controlled execution of software components. In addition, we will advance software engineering methodology for secure cloud applications by developing new software architectures and design patterns that are compatible with compartmentalised data flow enforcement.

The Internet of Things has great potential to revolutionise the way in which we deploy networked devices, and to provide networking capability to every-day objects, making them 'smart objects'. Security should be at the core of these newly developed smart objects, but innovation is outstripping the development of security in this context. There is much emphasis on the positive side of this technology without considering the negative implications. It is not too challenging to think of many ways how the Internet of Things can be abused letting outsiders in through a digital ruse. This would include intruders gaining access to a lighting system, to remotely switch off the lights in a property, to assist in home burglary. Its also not too far of stretch to imagine an intruder turning on a cooker remotely, with the potential to cause a form of "digital arson" which we have never before experienced. Yes, it is amazing to be able to text your cooker so that dinner is ready when you get home. However, do we really want these features if it leaves us vulnerable to digital attack on our properties? Vast improvements need to be made in the state of the art of cyber defences in order to prepare and protect ourselves for the imminent innovations in digital technology. Novel and effective solutions in computer based security are imperative to research as current techniques may not prove effective in this new context. In order to create the next generation of cyber defence tools we must look to new sources of inspiration. One of these can be in the form of studying how this problem is solved in natural systems, in particular the defence and response mechanisms of the human immune system. Artificial immune systems (AIS) are one potential solution which may have significant impact on future cyber defence. They are designed to solve computational problems through studying natural mechanisms in immunology. Current research in AIS for computer security focuses purely on detection of anomalies, leaving the user to respond to the detected threat. Few of these systems actually produce any form of response as a result of detecting a potential intrusion. This is problematic in the Internet of Things as the responsibility would lie with the homeowner who is not a cyber security expert, leaving homes potentially vulnerable to digital intrusions. The novelty of this proposed research is to create a prototype responsive artificial immune system - RAIS, which can both detect intruders and produce appropriate responses in order to mitigate the problem of automatically responding intrusion detection systems. Persistent engagement with a cyber defence stakeholder will ensure that the prototype system is useful in cyber defence applications. Our approach to this is to perform a deep interdisciplinary study of the translation of detection to response within the human immune system by modelling immune responses. A mechanism in immunology termed the 'immunological synapse' will be studied form the basis of a model used to create a novel blueprint for the responsive artificial immune system. This will occur through constructing agent-based models of the natural system from which these necessary properties can be abstracted by looking at how two cell types, Dendritic Cells and T-helper cells interact to produce immune responses to pathogens. We will model this interaction using knowledge already amassed by the host group, and aim to extend the research through performing further experiments to refine these models. The discipline hop is to be hosted within an immunology lab, whose research aims to understand immune mechanisms of response in order to create immunotherapies for treating cancers, by turning the immune system against detected tumour cells. Understanding of natural immune responses is key for both the future developments of artificial immune systems and also in how to use the immune system therapeutically in the fight against cancer.

Horizon is a multidisciplinary centre for Digital Economy (DE) research and impact. We balance the development of new technologies to capture and analyse human data, with explorations of how these can be used to deliver powerful experiences to people, with an awareness and understanding of the human and social values that must underpin these. We follow a user-centred approach, undertaking research in the wild based on principles of open innovation. In its first phase, Horizon has established a core team of over 50 researchers and has reached out to build a wider network of 35 academic and 200 industry, public and third-sector partners. We have established a Centre for Doctoral Training and inaugurated the DE All Hands series of conferences and national DE CDT Summer School. World-class scientific outputs in diverse disciplines have been balanced with economic, cultural and societal impact. This proposal builds on this critical mass to enable a step-change in Horizon's translational research and impact. We respond to the changing nature of the digital economy as it matures, as the social, physical and digital become blended and as human data becomes an increasingly valuable asset. We offer a vision in which human data enables the creation and delivery of highly personal experiences. We propose to address three major challenges. The first is to establish new technologies that collect and interpret our human data in a more transparent way. The second is to be able to better understand and design new kinds of experiences that employ these technologies to promote the values of personal fulfilment, wellbeing and sustainability. The third is to address key ethical challenges around design for privacy and new models of ownership. We will work closely with a range of external partners whose interests span: computing and analytics; social policy; and diverse sectors of the DE including creative industries, retail, fast moving consumer goods, finance, energy, transportation and healthcare. We will engage these through a programme of agile translational research projects. These will be integrated into an overarching strategic impact campaign that revolves around three flagships. In turn, these will be supported by two further programmes; one targeted at sustaining the wider DE community and the second at developing the capacity of our researchers to deliver translational research and impact.

Cloud computing aims to revolutionise traditional ways of service delivery. It enables companies, research institutions and government organisations to consolidate services in a shared ICT infrastructure supported by cloud providers. This reduces ownership and management costs, allows services to scale on-demand and improves energy efficiency. Security considerations, however, are a practical obstacle for the adoption of cloud computing. Cloud providers consolidate data from multiple services, which may result in wide-spread data disclosure when their security is compromised. Strong cloud security is hard to achieve because it requires that the cloud platform cannot be compromised by hosted applications and that applications belonging to different cloud tenants are isolated to prevent data leakage. It is even harder for federated clouds, i.e. when a cloud provider uses another provider for some of its services. This is common in a Software-as-a-Service (SaaS) model, in which a provider offers a high-level service that can be reused by other providers. Both clients and cloud providers have an incentive to control the propagation of sensitive data. Clients are often legally responsible for data protection, and cloud providers want to prevent hosting sensitive data to avoid liability claims after security incidents. The CloudFilter project explores novel methods for exercising control over sensitive data propagation across multiple cloud providers. The targeted outcome is a practical solution that allows clients and cloud providers to control the sensitivity of data that is transferred across their systems and to prevent user actions that would violate data dissemination policies. Our key idea is to provide application-level proxies that transparently monitor data propagation from clients to cloud providers and between cloud providers. These proxies employ a data labelling scheme inspired by decentralised information flow control (DIFC) models, in which security classes express the sensitivity of transfered data. When crossing domain boundaries, labels are attached to data automatically based on data dissemination policies. Proxies verify labels according to domain policies to detect and prevent unauthorised data propagation between cloud domain domains.

Rapidly developing digital technologies, together with social and business trends, are providing huge opportunities for innovation in product and service markets, and also in government processes. Technology developments drive socioeconomic and behavioural changes and vice versa, and the rate of change in these makes tracking and responding to high-speed developments a significant challenge in public and private sectors alike. Agile governance and policy-making for emerging technologies is likely to become a key theme in strategic thinking for the public and private sectors. Particular trends that are challenging now, and will increasingly challenge society include developments in technologies on the outskirts of the internet. These include Artificial Intelligence, not just in the cloud but in Edge computing, and in Internet of Things devices and networks. Alongside and in conjunction with this ecosystem, is Distributed Ledger Technology. Together this ensemble of technologies will enable innovations that promote productivity, like peer-to-peer dynamic contracts and other decision processes, with or without human sight or intervention. However, the ensemble's autonomy, proliferation and use in critical applications, makes the potential for hacking and similar attacks very significant, with the likelihood of them growing to become an issue of strategic national importance. To address this challenge, and to preserve the immense economic and productivity benefits that will come from the successful deployment and application of digital technologies 'at the edge', a focused initiative is needed. Ideally, this will use the UK's current platform of experience in the safe and secure application of the Internet of Things. The contributors to this platform include PETRAS partners, and several other centres of excellence around the UK. It is therefore proposed to build an inclusive PETRAS 2 Research Centre with national strategic value, on the established and successful platform of the PETRAS Hub. This will inherit its governance and management models, which have demonstrated the ability to coordinate and convene collaboration across 11 universities and 110 industrial and government User Partners, but will importantly step up its mission and inclusivity through open research calls for new and existing academic partners. PETRAS 2 will maintain an agile and shared research agenda that views social and physical science challenges with equal measure, and covers a broad range of Technology Readiness Levels, particularly those close to market. It will operate as a virtual centre, providing a magnet for collaboration for user partners and a single expert voice for government. User partner engagement is likely to be strong following the successes of the current PETRAS programme, which has raised over £1m in cash contributions from partners during 2018. The new PETRAS 2 'Secure Digital Technologies at the Edge' methodology will inherit the best of PETRAS, including open calls to the UK research community and a partnership-building fund that allows a responsive approach to opportunities that emerge from existing and new user and academic partnerships. PETRAS 2 will be driven by sectoral cybersecurity priorities while retaining a discovery research agenda to horizon-scan and develop understanding of new threats and opportunities. The scope of projects and the associated Innovate UK SDTaP demonstrators, spans early to late TRLs and aims to put knowledge into real user partner practice. Furthermore, the development of many early career researchers through PETRAS 2 research activities should lead to a step change in our national capability and capacity to address this highly dynamic area of socio-technical opportunity and risk.