Protecting data in insecure cloud storage

US9390281B2 · US · B2

Patent metadata

Publication number: US-9390281-B2
Application number: US-201314143328-A
Country: US
Kind code: B2
Filing date: Dec 30, 2013
Priority date: Dec 30, 2013
Publication date: Jul 12, 2016
Grant date: Jul 12, 2016


Abstract

Official abstract text for this publication.

The disclosed embodiments provide a system that processes data. The system includes a first client that encrypts a first set of data, uploads the encrypted first set of data to a volume on a cloud storage system, and creates a commit record of the upload. The system also includes a synchronization server that verifies access to the volume by the first client and includes the commit record in a change set containing a set of commit records associated with the volume. The synchronization server also signs the change set and provides the change set for use in synchronizing the upload with a second client.

First claim

Opening claim text (preview).

What is claimed is:

1. A system for processing data, comprising: a first client configured to: encrypt a first set of data; upload the encrypted first set of data to a volume on a cloud storage system; and create a commit record of the upload, wherein the commit record comprises: a hash-based message authentication code (HMAC) of a path associated with the data; a previous state of the data; a current state of the data; metadata for the data; a digital signature from the first client; and a timestamp; and a synchronization server configured to: verify access to the volume by the first client; include the commit record in a change set comprising a set of commit records associated with the volume; sign the change set; and provide the change set for use in synchronizing the upload with a second client.

2. The system of claim 1, further comprising: the second client configured to: obtain the signed change set from the synchronization server; verify a set of signatures in the change set; use the commit record from the change set to update a local data state; and use the commit record to add a download of the first set of data to a download queue.

3. The system of claim 2, wherein the second client is further configured to: obtain the download from the download queue; use a path from the download to download the encrypted first set of data from the volume; decrypt and verify the first set of data; and write the first set of data to a file on a local filesystem.

4. The system of claim 3, wherein the second client is further configured to: upon detecting an existing version of the file on the local filesystem: open the existing version with exclusive write access; obtain one or more file attributes for the existing version; if the one or more file attributes have not changed, replace the existing version with the first set of data; and if the one or more file attributes have changed, place the download back in the download queue.

5. The system of claim 2, further comprising: a management server configured to: provide a set of digital certificates for validating a set of keys used by the first client and the synchronization server; and provide an access control policy associated with access to the volume by the first and second clients.

6. The system of claim 5, wherein the set of keys comprises: a first key used by the first client to encrypt the data; and a second key used by the synchronization server to sign the change set.

7. The system of claim 1, wherein the synchronization server is further configured to notify the first client of a conflict between the uploaded first set of data and a second set of data in the volume, and wherein the first client is further configured to resolve the conflict.

8. The system of claim 7, wherein resolving the conflict involves: downloading the second set of data from the cloud storage system to a local filesystem; and renaming the first set of data in the local filesystem.

9. The system of claim 1, wherein the change set comprises: a set of signed commit records; an identifier for the volume; a change set identifier; a digital signature from the synchronization server; and a timestamp.

10. A computer-implemented method for processing data, comprising: encrypting a first set of data on a first client; uploading the encrypted first set of data from the first client to a volume on a cloud storage system; creating a commit record of the upload, wherein the commit record comprises: a hash-based message authentication code (HMAC) of a path associated with the data; a previous state of the data; a current state of the data; metadata for the data; a digital signature from the first client; and a timestamp; and providing the commit record to a synchronization server, wherein the commit record is used by the synchronization server to synchronize the upload with a second client associated with the volume.

11. The computer-implemented method of claim 10, further comprising: receiving, at the first client, a notification of a conflict between the uploaded first set of data and a second set of data on the cloud storage system from the synchronization server; and using the first client to resolve the conflict.

12. The computer-implemented method of claim 11, wherein using the first client to resolve the conflict involves: downloading the second set of data from the cloud storage system to the first client; and renaming the first set of data on the first client.

13. The computer-implemented method of claim 10, further comprising: obtaining, at the first client, a change set from the synchronization server, wherein the change set comprises one or more commit records from one or more other clients associated with the volume; verifying a set of signatures in the change set; using the one or more commit records to update a local data state on the first client; and using the one or more commit records to add a download of a second set of data to a download queue on the first client.

14. The computer-implemented method of claim 13, further comprising: obtaining the download from the download queue; using a path from the download to download the second set of data from the volume to the first client; decrypting and verifying the second set of data at the first client; and writing the second set of data to a file in a local filesystem of the first client.

15. The computer-implemented method of claim 14, further comprising: upon detecting an existing version of the file on the local filesystem: opening the existing version with exclusive write access; obtaining one or more file attributes for the existing version; if the one or more file attributes have not changed, replacing the existing version with the second set of data; and if the one or more file attributes have changed, placing the download back in the download queue.

16. A computer-implemented method for synchronizing data, comprising: obtaining, from a first client, a commit record of data uploaded to a volume on a cloud storage system, wherein the commit record comprises: a hash-based message authentication code (HMAC) of a path associated with the data; a previous state of the data; a current state of the data; metadata for the data; a digital signature from the first client; and a timestamp; using the digital signature in the commit record to verify access to the volume by the first client; including the commit record in a change set; signing the change set; and providing the change set for use in synchronizing the upload with a second client associated with the volume.

17. The computer-implemented method of claim 16, further comprising: notifying the first client of a conflict between the uploaded data and existing data in the volume.

18. The computer-implemented method of claim 16, wherein the change set comprises: a set of signed commit records; an identifier for the volume; a change set identifier; a digital signature from the synchronization server; and a timestamp.

19. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for processing data, the method comprising: encrypting a first set of data on a first client; uploading the encrypted first set of data from the first client to a volume on a cloud storage system; creating a commit record of the upload, wherein the commit record co
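The commit record and change set exchange the claims describe, as an added example that is not part of the patent or of any product implementing it: the first client HMACs the path and signs the record (claims 1 and 10), the synchronization server treats a valid client signature as the access check and signs the bundle (claims 9 and 16), and the second client verifies both layers of signatures before touching local state (claim 2). Ed25519 and HMAC-SHA256 are this example's choices, as the patent names no algorithm; it also assumes the certificate-based key validation of claim 5 has already delivered the public keys, and models a volume with one admitted client key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
)

// CommitRecord and ChangeSet carry the fields claims 1 and 9 enumerate (field names are this example's own).
// canon gives the bytes each party signs: the JSON form, from which the `json:"-"` tag drops the signature.
type CommitRecord struct {
	PathHMAC                                 []byte
	PrevState, CurState, Metadata, Timestamp string
	ClientSig                                []byte `json:"-"`
}
type ChangeSet struct {
	VolumeID, ChangeSetID, Timestamp string
	Records                          []CommitRecord
	ServerSig                        []byte `json:"-"`
}
func canon(v interface{}) []byte { b, _ := json.Marshal(v); return b }
// NewCommitRecord is the uploading client's step: a keyed digest of the path, then a signature over the record.
func NewCommitRecord(pathKey []byte, priv ed25519.PrivateKey, path, prev, cur, meta, ts string) CommitRecord {
	h := hmac.New(sha256.New, pathKey)
	h.Write([]byte(path))
	r := CommitRecord{PathHMAC: h.Sum(nil), PrevState: prev, CurState: cur, Metadata: meta, Timestamp: ts}
	r.ClientSig = ed25519.Sign(priv, canon(r))
	return r
}
// allSigned reports whether every record's signature verifies under pub.
func allSigned(recs []CommitRecord, pub ed25519.PublicKey) bool {
	ok := true
	for _, r := range recs {
		ok = ok && ed25519.Verify(pub, canon(r), r.ClientSig)
	}
	return ok
}
// BuildChangeSet is the server's step (claims 1, 9, 16): records not signed by the admitted client fail the access check; otherwise the bundle is signed.
func BuildChangeSet(serverPriv ed25519.PrivateKey, admitted ed25519.PublicKey, volume, id, ts string, recs []CommitRecord) (ChangeSet, bool) {
	if !allSigned(recs, admitted) {
		return ChangeSet{}, false
	}
	cs := ChangeSet{VolumeID: volume, ChangeSetID: id, Timestamp: ts, Records: recs}
	cs.ServerSig = ed25519.Sign(serverPriv, canon(cs))
	return cs, true
}
// VerifyChangeSet is the second client's check (claim 2): server and record signatures must all hold first.
func VerifyChangeSet(cs ChangeSet, serverPub, clientPub ed25519.PublicKey) bool {
	return ed25519.Verify(serverPub, canon(cs), cs.ServerSig) && allSigned(cs.Records, clientPub)
}
```

A change set that fails VerifyChangeSet must not update the local data state or enqueue any download, which is the ordering claim 2 prescribes.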

Assignees

Open Invention Network LLC

Inventors

Classifications (CPC titles)

  • for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

  • Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

  • Techniques for file synchronisation in file systems

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9390281B2 cover?
The disclosed embodiments provide a system that processes data. The system includes a first client that encrypts a first set of data, uploads the encrypted first set of data to a volume on a cloud storage system, and creates a commit record of the upload. The system also includes a synchronization server that verifies access to the volume by the first client and includes the commit record in a …
Who is the assignee on this patent?
Open Invention Network LLC
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Publication date: Jul 12, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).