The trend towards outsourcing increases the number of documents stored at external service providers. This storage model, however, raises privacy and security concerns because the service providers cannot be trusted with respect to maintaining the privacy of the documents. The research project SemCrypt1 explores techniques for processing queries and updates over encrypted XML documents stored at untrusted servers. By performing encryption and decryption only on the client and not on the server, SemCrypt guarantees that neither the document structure nor the document content are disclosed on the server. Filtering query results and processing as much as possible of the query/update statement on the server does not depend on special encryption techniques. Instead, the chosen approach exploits the structural semantics of XML documents and uses standard, well-proven encryption techniques. SemCrypt thus enables to query and update encrypted XML documents on untrusted servers while ensuring ...