Artificial Intelligence (AI), to become fully pervasive, needs resources at the edge of the network. The cloud can provide the processing power needed for big data, but edge computing is close to where data are produced and therefore crucial to their timely, flexible, and secure management. AI-SPRINT will define a framework for developing AI applications in computing continua, enabling a finely-tuned tradeoff between performance (e.g. in terms of end-to-end latency and throughput) and AI model accuracy, while providing security and privacy guarantees. AI-SPRINT outcomes are: i) simplified programming models to reduce the steep learning curves in the development of AI software in computing continua; ii) highly specialized building blocks for distributed training, privacy preservation and advanced machine learning models, to shorten time-to-market for AI applications; iii) automated deployment and dynamic reconfiguration to decrease the cost of operating AI software. Beneficiaries include end-users of AI systems, software developers, system integrators, and cloud providers. AI-SPRINT tools will make it possible to consider security and privacy early in the design stage and to seamlessly manage the time-varying conditions typical of real environments. Real-world scenarios are an integral part of AI-SPRINT as key to guiding requirements and development and validating results. Three heterogeneous use cases (farming 4.0, maintenance & inspection, and personalized healthcare) are built by industrial partners. Cutting-edge innovation is brought to the Consortium by four research partners with complementary expertise. Two system integrators provide vision on relevant verticals and technology insights, one cloud provider brings real-world implementation expertise, and two specialists in dissemination ensure impacts and uptake. AI-SPRINT will also pursue a sustainability path through the creation of an Alliance and Adopter Acceleration club as a marketplace for AI businesses

Cloud security is of immediate concern to organisations that must comply with strict confidentiality and integrity policies. More broadly, security has emerged as a commercial imperative for cloud computing across a wide range of markets. The lack of adequate security guarantees is becoming the primary barrier to the broad adoption of cloud computing. The Secure Enclaves for REactive Cloud Applications (SERECA) project aims to remove technical impediments to secure cloud computing, and thereby encourage greater uptake of cost-effective and innovative cloud solutions in Europe. It proposes to develop secure enclaves, a new technique that exploits secure commodity CPU hardware for cloud deployments, empowering applications to ensure their own security without relying on public cloud operators. Secure enclaves additionally support regulatory-compliant data localisation by allowing applications to securely span multiple cloud data centres. Although secure enclaves are a general mechanism, SERECA focuses on a particularly important and rapidly growing class of applications: reactive applications for the Internet of Things (IoT), Cyber-Physical Systems (CPS), augmented reality, gaming, computer-mediated social interaction, and the like. These applications are highly interactive, data intensive, and distributed, often involving extremely sensitive societal and personal information. SERECA is validating its results through the development of two innovative and challenging industry-led use cases. One concerns the monitoring of a civil water supply network, a critical infrastructure targeted by malicious attacks. The other concerns a commercial software-as-a-service (SaaS) application for analysing the performance of cloud-deployed applications. Such a service collects sensitive performance metrics about live usage, assets that must be protected from industrial espionage and other criminal activities.

Cloud infrastructures, despite all their advantages and importance to the competitiveness of modern economies, raise fundamental questions related to the privacy, integrity, and security of offsite data storage and processing tasks. These questions are currently not answered satisfactorily by existing technologies. Furthermore, recent developments in the wake of the expansive and sometimes unauthorized government access to private and sensitive data raise major privacy and security concerns about data located in the cloud, especially when data is physically located, processed, or must transit outside the legal jurisdiction of its rightful owner. This is exacerbated by providers of cloud services that frequently move and process data without notice in ways that are detrimental to the users and their privacy. SafeCloud will re-architect cloud infrastructures to ensure that data transmission, storage, and processing can be (1) partitioned in multiple administrative domains that are unlikely to collude, so that sensitive data can be protected by design; (2) entangled with inter-dependencies that make it impossible for any of the domains to tamper with its integrity. These two principles (partitioning and entanglement) are thus applied holistically across the entire data management stack, from communication to storage and processing. Users will control the choice of non-colluding domains for partitioning and the tradeoffs between entanglement and performance, and thus will have full control over what happens to their data. This will make users less reluctant to manage their personal data online due to privacy concerns and will generate positive business cases for privacy-sensitive online applications such as the distributed cloud infrastructure and medical record storage platform that we address.