The Internet and telephone are successful because they use open protocols and open interfaces, allowing users to communicate, innovate and share at will. We propose to facilitate this process in cloud computing, by developing a set of open security services, protocols and interfaces (APIs) that will allow cloud resource owners to be able to specify their policies for fine grained access control to their cloud resources, and have these enforced everywhere at all times, regardless of the subsequent location or data processing that has ensued. The ability to securely share data with anyone, anywhere, at any time, will facilitate spontaneous collaborations and ensure confidence in collaborative working. This will be achieved by using "sticky policies", delegation of authority, federated access and attribute based access controls. Sticky policies are policies which are cryptographically linked or "stuck" to the data and meta-data they control, so that access to the data is only granted if the policy is honoured. In order to cater for Internet scale cloud usage, federated access and attribute based access controls are needed. Federated access allows users to identify themselves to a cloud service using their existing credentials, without having to first obtain new ones from the cloud service itself. Attribute based access controls allows access to be specified based on a user's identity attributes rather than simply an identifier, which is typically used today. In order to achieve Internet scale in identifying users and data resources, an ontology is needed that will classify both the data and the users who wish to access it. The authorities who issue identity attributes will also need to be classified. The characteristics of any particular set of data will be held in meta-data that describes or identifies the data, and conforms to the ontology. The meta-data itself will be stuck to the data in a similar way to the sticky policy. When data is merged or fused with other data, or is split, filtered or reduced, then its meta-data will need to change accordingly, in order to describe the new data. Similarly the sticky policy that controls access to the new data will need to be derived from the original sticky policy(ies). This project will develop a new algebra and algorithms for deriving the new sticky policy from the old, using the ontology and meta-data as a guide. (Note that this project will not be performing the actual data merging or splitting, but simply assumes that trustworthy services are available to do this.) The protocols and APIs specified in this project will be standardised through an organisation already well versed in cloud APIs, such as the Open Grid Forum or OASIS. In order to ensure the widest take up of the services and APIs specified in this project, pilot implementations will be developed in Python and distributed as part of the OpenStack suite of software. OpenStack is a community project involving over 135 organisations, ranging from multi-nationals such as HP, Cisco and Intel, to specialist SMEs such as Cloudscaling. This project proposes to harness the energies of the OpenStack community by acting in a leading role to facilitate others in contributing to the development effort.

QSI aims at training a world-class cohort of doctoral researchers (DRs) capable of taking the next essential steps in the highly demanding area of cybersecurity. We aim to build strong lasting links between strategically selected industry and academic partners, in different disciplines, via the development of novel technologies for practical applications in data security. In parallel, we will also combine, via a collaborative long-term interdisciplinary approach, expertise in all relevant communities to address key fundamental problems in secure communications in the quantum era, and the important applications therein. The planned training network will provide research and training opportunities to a new generation of DRs, who, in the long-run, shall address the Grand Challenge of providing "Quantum-Safe Internet", i.e., a communication infrastructure that is secure against not only classical attacks but also those enabled by quantum technologies. Today's Internet security heavily relies on computational complexity assumptions, and as such is seriously threatened by advancements in quantum computing technologies. Indeed, we have recently witnessed a wave of key developments in this direction by a number of IT giants, e.g., Google, IBM, Microsoft, and Intel. This particularly jeopardizes applications that require long-term security. The number of such applications is continuously growing as more and more of our private information is stored and communicated in a digital way, e.g., electronic health records, which are now required by European legislation to remain secure for a long time. This requires us to urgently develop and implement new solutions, as we plan to do in this Doctoral Network (DN).

Data centre networks are poorly equipped to rapidly spot and address failures, resulting in countless well-documented application performance degradation or outages. This is because the investigation process is performed in centralised commodity servers (collectors) that do not have per-packet visibility, but instead aggregated and sampled statistics from the data plane. The NEAT project will address this deficiency by moving traffic analysis directly into switches that have per-packet visibility. Exploiting advances in programmable hardware, e.g. P4, NEAT will rethink data plane operation and will transform switches from just packet forwarder with limited monitoring capabilities to more intelligent systems capable of analysing traffic and exporting only relevant results. This will enable the level of fine-grained data plane visibility required to allow operators to rapidly identify and adapt to changes in network conditions, which hurts applications.

Energy efficient processes are increasingly key priorities for ICT companies with attention being paid to both ecological and economic drivers. Although in some cases the use of ICT can be beneficial to the environment (for example by reducing journeys and introducing more efficient business processes), countries are becoming increasingly aware of the very large growth in energy consumption of telecommunications companies. For instance in 2007 BT consumed 0.7% of the UK's total electricity usage. In particular, the predicted future growth in the number of connected devices, and the internet bandwidth of an order of magnitude or two is not practical if it leads to a corresponding growth in energy consumption. Regulations may therefore come soon, particularly if Governments mandate moves towards carbon neutrality. Therefore the applicants believe that this proposal is of great importance in seeking to establish the current limits on ICT performance due to known environmental concerns and then develop new ICT techniques to provide enhanced performance. In particular they believe that substantial advances can be achieved through the innovative use of renewable sources and the development of new architectures, protocols, and algorithms operating on hardware which will itself allows significant reductions in energy consumption. This will represent a significant departure from accepted practices where ICT services are provided to meet the growing demand, without any regard for the energy consequences of relative location of supply and demand. In this project therefore, we propose innovatively to consider optimised dynamic placement of ICT services, taking account of varying energy costs at producer and consumer. Energy consumption in networks today is typically highly confined in switching and routing centres. Therefore in the project we will consider block transmission of data between centres chosen for optimum renewable energy supply as power transmission losses will often make the shipping of power to cities (data centres/switching nodes in cities) unattractive. Variable renewable sources such as solar and wind pose fresh challenges in ICT installations and network design, and hence this project will also look at innovative methods of flexible power consumption of block data routers to address this effect. We tackle the challenge along three axes: (i) We seek to design a new generation of ICT infrastructure architectures by addressing the optimisation problem of placing compute and communication resources between the producer and consumer, with the (time-varying) constraint of minimising energy costs. Here the architectures will leverage the new hardware becoming available to allow low energy operation. (ii) We seek to design new protocols and algorithms to enable communications systems to adapt their speed and power consumption according to both the user demand and energy availability. (iii) We build on recent advances in hardware which allow the block routing of data at greatly reduced energy levels over electronic techniques and determine hardware configurations (using on chip monitoring for the first time) to support these dynamic energy and communications needs. Here new network components will be developed, leveraging for example recent significant advances made on developing lower power routing hardware with routing power levels of approximately 1 mW/Gb/s for ns block switching times. In order to ensure success, different companies will engage their expertise: BT, Ericsson, Telecom New Zealand, Cisco and BBC will play a key role in supporting the development of the network architectures, provide experimental support and traffic traces, and aid standards development. Solarflare, Broadcom, Cisco and the BBC will support our protocol and intelligent traffic solutions. Avago, Broadcom and Oclaro will play a key role in the hardware development.

Humans are highly adaptable, and speech is our natural medium for informal communication. When communicating, we continuously adjust to other people, to the situation, and to the environment, using previously acquired knowledge to make this adaptation seem almost instantaneous. Humans generalise, enabling efficient communication in unfamiliar situations and rapid adaptation to new speakers or listeners. Current speech technology works well for certain controlled tasks and domains, but is far from natural, a consequence of its limited ability to acquire knowledge about people or situations, to adapt, and to generalise. This accounts for the uneasy public reaction to speech-driven systems. For example, text-to-speech synthesis can be as intelligible as human speech, but lacks expression and is not perceived as natural. Similarly, the accuracy of speech recognition systems can collapse if the acoustic environment or task domain changes, conditions which a human listener would handle easily. Research approaches to these problems have hitherto been piecemeal and as a result progress has been patchy. In contrast NST will focus on the integrated theoretical development of new joint models for speech recognition and synthesis. These models will allow us to incorporate knowledge about the speakers, the environment, the communication context and awareness of the task, and will learn and adapt from real world data in an online, unsupervised manner. This theoretical unification is already underway within the NST labs and, combined with our record of turning theory into practical state-of-the-art applications, will enable us to bring a naturalness to speech technology that is not currently attainable.The NST programme will yield technology which (1) approaches human adaptability to new communication situations, (2) is capable of personalised communication, and (3) takes account of speaker intention and expressiveness in speech recognition and synthesis. This is an ambitious vision. Its success will be measured in terms of how the theoretical development reshapes the field over the next decade, the takeup of the software systems that we shall develop, and through the impact of our exemplar interactive applications.We shall establish a strong User Group to maximise the impact of the project, with a members concerned with clinical applications, as well as more general speech technology. Members of the User Group include Toshiba, EADS Innovation Works, Cisco, Barnsley Hospital NHS Foundation Trust, and the Euan MacDonald Centre for MND Research. An important interaction with the User Group will be validating our systems on their data and tasks, discussed at an annual user workshop.