TRUST focuses on personal data protection measures to meet the objectives of the RGPD but also the texts in preparation such as the "Data Act" or the "Data Governance Act". We propose to study and develop new security solutions, based on advanced cryptography, for use cases involving the reuse of personal data. These use cases will present various configurations in terms of actors, type of data and processing, opening the way to different technical and legal issues. We thus seek to anticipate legal evolutions and prepare technical architectures to allow the reuse of personal data in compliance with the various legal frameworks.

5G networks are expected to revolution our living environments, our cities and our industry by connecting everything. 5G design has, thus, to meet the requirements of two “new” mobile services: massive Machine-Type Communications (mMTC), and Ultra Reliable Low Latency Communications (URLLC). Slicing concept facilitates serving these services with very heterogeneous requirements on a unique infrastructure. Indeed, slicing allows logically-isolated network partitioning with a slice representing a unit of programmable resources such as networking, computation and storage. Slicing was originally proposed for core networks, but is now being discussed for the Radio Access Network (RAN) owing to the evolution of technologies which now enable its implementation. These technologies include mainly the tendency for virtualizing the RAN equipment and its programmable control, the advent of Mobile Edge Computing (MEC) and the flexible design of 5G on the physical and MAC layers. However, the complete implementation of slicing in the RAN faces several challenges, in particular to manage the slices and associated control and data planes and for scheduling and resources allocation mechanisms. MAESTRO-5G project develops enablers for implementing and managing slices in the 5G radio access network, not only for the purpose of serving heterogeneous services, but also for dynamic sharing of infrastructure between operators. For this aim the project puts together exerts on performance evaluation, queuing theory, network economy, game theory and operations research. MAESTRO-5G is expected to provide: •A resource allocation framework for slices, integrating heterogeneous QoS requirements and spanning on multiple resources including radio, backhauling/fronthauling and processing resources in the RAN. •A complete slice management architecture including provisioning and re-optimization modules and their integration with NFV and SDN strata. •A business layer for slicing in 5G, enabling win-win situations between players from the telecommunications industry and the verticals, ensuring that the 5G services are commercially viable and gain acceptance in the market. •A demonstrator showing the practical feasibility as well as integration of the major functions and mechanisms proposed by the project, on a 5G Cloud RAN platform. The enhanced platform is expected to support the different 5G services (eMBB and IoT) and to demonstrate key aspects of slicing, such as: - Ability to create and operate in parallel multiple slices, on the same infrastructure and sharing the same radio resources (e.g. spectrum), each having different service requirements. - Ability to create and operate in parallel and independently different slices, sharing the same infrastructure/spectrum, belonging to different business actors, such as different operators. - Demonstrate inter-slice control ensuring respect of SLAs and a fair resource sharing.

Nowadays, a wide variety of online services (e.g., web search engines, location-based services, recommender systems) are being used by billions of users on a daily basis. Key to the success of these services is the personalisation of their results, that is returning to each user those results that are closer to her interests. For instance, given a web search query sent by two different users, search engines generally rank differently the search results to best fit each user preferences. However, according to the underlying application, user profiles may contain sensitive information about end users. In this context, it becomes urgent to devise mechanisms that allow users to securely access online services without fearing that their data will be leaked out from the cloud platforms where it is being stored and processed. The proposed PRIMaTE project addresses privacy-preserving in online services. We propose a system that reduces and precisely specifies trust assumptions, while still providing improved performance compared to the state of the art. Our key contribution will be to systematically decompose these services in strongly hardware-secured compartments, where each them has only access to the essentially necessary data to perform the assigned task. In case of security breaches for example due to attackers exploiting a weakness in the code of one or even multiple compartments, the impact of the leaked data will be kept at bounds and their effect can be precisely quantified. Thus, the attacker might only learn certain aspects of a profile but cannot link it to a user. PRIMaTE achieves this goal by utilizing novel trusted execution support offered by recent commodity processors such as the 2016 introduced Skylake generation of Intel processors. Trusted execution as offered by Intel Software Guard Extensions (SGX) is a disruptive technology that will impact how code and data is protected in the future. PRIMaTE will utilize trusted execution to devise novel privacy-preserving online services. While current research on trusted execution focused either on deploying whole legacy applications such as a databases in a single Trusted Execution Environment (TEE) or on ad-hoc solutions to split existing applications into two parts a trusted and untrusted one PRIMaTE aims for a more systematic and fine-grained approach. It targets to develop a methodology to split privacy-preserving online services into multiple interacting compartments each implemented by a TEE. Thereby, each TEE should handle as little data as possible and have a tailored and therefore minimal trusted computing base. While the latter makes it hard to exploit a PRIMaTE TEE, the former limits the exposed information if an attacker is able to successfully break into a TEE.