Abstract: Among other things, at a central server, management of a document sharing process includes uploading from client devices through a communication network, storing at the server, and downloading to client devices through the communication network documents that are shared between users of the client devices. Encryption keys are used to protect features of the documents from unauthorized or unintended disclosure. Operations are performed on encryption keys or encrypted data as a result of which protection of features of the documents from unauthorized or unintended disclosure may be compromised. A determination is made whether performance of a given one of the operations on any of the encryption keys or encrypted data meets predefined conditions for approval by members of an approval group. Performance of the operation on the encryption key or encrypted data is controlled based on a result of the determination.

Abstract: Among other things, at a central server, management of a document sharing process includes uploading from client devices through a communication network, storing at the server, and downloading to client devices through the communication network documents that are shared between users of the client devices. Encryption keys are used to protect features of the documents from unauthorized or unintended disclosure. Operations are performed on encryption keys or encrypted data as a result of which protection of features of the documents from unauthorized or unintended disclosure may be compromised. A determination is made whether performance of a given one of the operations on any of the encryption keys or encrypted data meets predefined conditions for approval by members of an approval group. Performance of the operation on the encryption key or encrypted data is controlled based on a result of the determination.

Abstract: Among other things, at a central server, management of a document sharing process includes uploading from client devices through a communication network, storing at the server, and downloading to client devices through the communication network documents that are shared between users of the client devices. Encryption keys are used to protect features of the documents from unauthorized or unintended disclosure. Operations are performed on encryption keys or encrypted data as a result of which protection of features of the documents from unauthorized or unintended disclosure may be compromised. A determination is made whether performance of a given one of the operations on any of the encryption keys or encrypted data meets predefined conditions for approval by members of an approval group. Performance of the operation on the encryption key or encrypted data is controlled based on a result of the determination.

Abstract: Methods and apparatus for a system to maintain confidentiality of data in a database management system by selecting encryption schemes for data items, storing encrypted data in databases, transforming SQL queries to run over encrypted data, and executing queries over encrypted data on the database server.

Abstract: Methods and apparatus for a system to maintain confidentiality of data in a database management system by selecting encryption schemes for data items, storing encrypted data in databases, transforming SQL queries to run over encrypted data, and executing queries over encrypted data on the database server.

Abstract: Techniques are described herein that are capable of providing security guarantees in security service level agreements (SLAB). For instance, a security SLA may specify a level of service to be provided to a user with respect to at least one security property (e.g., confidentiality, integrity, write-serialization, read freshness, etc.). Attestations may be used to prove occurrence (or non-occurrence) of violations of security properties in a manner that is universally verifiable, e.g., by third parties. An attestation is an indicator that is generated by a user to certify that the user makes a request (e.g., get request or put request) or an indicator that is generated by a cloud service provider to certify that the cloud service provider accurately fulfills a request of a user. A security SLA may specify a payment to be made to a user in response to an occurrence of a violation of a security property.