Protection of data of database clients from persistent adversaries

Assignee

• International Business Machines Corporation · US

Inventors

• Dhinakaran Vinayagamurthy · Kanchinakote, IN
• Utsav Singhal · Kota, IN
• Akshar Kaul · Bengaluru, IN

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/6245
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

One embodiment provides a method, including: receiving, at a database proxy acting as an intermediary between a plurality of database clients and a service provider providing data management services for the plurality of database clients, a set of queries, of at least one of the plurality of database clients, for data stored at the service provider in an encrypted form, wherein the database proxy maintains a security budget defining a maximum threshold amount of data leakage for the plurality of database clients; batching the set of queries into query batches; transforming, for each query batch, each query within the query batch, wherein the transforming includes changing the query to reduce data leakage; performing, responsive to transforming each query within the query batch, a transformation on each of the query batches to reduce data leakage; executing, at the database proxy and utilizing an order-preserving encryption algorithm, the query batches; and calculating a remaining security budget based upon data leakage resulting from the executing.