We present a novel approach for the specification and
enforcement of authorizations that enables controlled
data sharing for collaborative queries in the cloud. Data
authorities can establish authorizations regulating
access to their data distinguishing three visibility levels
(no visibility, encrypted visibility, and plaintext
visibility).
Authorizations are enforced in the query execution by
possibly restricting operation assignments to other
parties and by adjusting visibility of data on-the-fly. Our
approach enables users and data authorities to fully
enjoy the benefits and economic savings of the
competitive open cloud market, while maintaining
control over data.