Augmented reality (AR), which overlays virtual content on top of the user's perception of the real world, is now beginning to enter the consumer market. Besides smartphone platforms, early-stage head-mounted displays such as the Microsoft HoloLens are being actively developed. Many of the most compelling uses of these AR technologies are multi-user: for instance, in-person collaborative tools, multiplayer gaming, and telepresence. Although AR technologies enable new forms of interaction, new security and privacy challenges will also arise when users can augment each other's reality, and it is imperative that these challenges be addressed while the technology is still new and highly malleable. In this work, I explore these emerging challenges in secure and private content sharing for multi-user AR. I systematize design goals for security and functionality that an AR content sharing framework should support, and I design and prototype a framework for the HoloLens that meets these goals. By evaluating my framework against representative application case studies, I show that it meets desired security and functionality goals flexibly across a range of use cases. Preliminary investigations into developer effort suggest that applications' content sharing needs can be achieved in relatively few lines of code. I plan to convert my research prototype into an open-source toolkit so developers can address these challenges in practice. This work opens up directions for future research in how these underlying paradigms should manifest to users in the form of an application's user interface. By building foundations for secure multi-user AR content sharing, my work takes steps toward allowing AR to securely reach its full potential.