US 11,836,269 B2
Protection of data of database clients from persistent adversaries
Dhinakaran Vinayagamurthy, Erode (IN); Utsav Singhal, Kota (IN); and Akshar Kaul, Bangalore (IN)
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Aug. 23, 2021, as Appl. No. 17/408,878.
Prior Publication US 2023/0055992 A1, Feb. 23, 2023
Int. Cl. G06F 21/62 (2013.01); G06F 21/55 (2013.01); G06F 21/60 (2013.01)
CPC G06F 21/6227 (2013.01) [G06F 21/556 (2013.01); G06F 21/602 (2013.01); G06F 21/6245 (2013.01)]
20 Claims
1. A method, comprising:
receiving, at a database proxy acting as an intermediary between a plurality of database clients and a service provider providing data management services for the plurality of database clients, a set of queries, of at least one of the plurality of database clients, for data stored at the service provider in an encrypted form, wherein the database proxy maintains a security budget defining a maximum threshold amount of data leakage for the plurality of database clients;
batching, at the database proxy, the set of queries into a plurality of query batches;
transforming, at the database proxy and for each of the plurality of query batches, each query of queries within each of the plurality of query batches, wherein the transforming comprises changing each of the queries to reduce the data leakage;
performing, at the database proxy and responsive to transforming each of the queries within each of the plurality of query batches, a transformation on each of the plurality of query batches to reduce the data leakage;
executing, at the database proxy and utilizing an order-preserving encryption algorithm, the plurality of query batches; and
calculating, at the database proxy, a remaining security budget based upon the data leakage resulting from the executing of the plurality of query batches.
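
The steps of claim 1, sketched as an added Python example that is not taken from the patent or from any IBM implementation. Everything concrete here is an assumption made for illustration: integer range queries, bucket widening as the per-query transformation, range merging as the per-batch transformation, a toy keyed order-preserving map in place of a real OPE scheme, and leakage counted as the number of new ciphertext endpoints the server observes.

```python
import hmac, hashlib

KEY = b"constructed-demo-key"          # constructed key, for this sketch only
BUCKET = 10                            # assumed coarsening granularity

def ope(x):
    """Toy order-preserving map for x >= 0: sum of keyed positive gaps (not a real OPE)."""
    return sum(1 + hmac.new(KEY, str(i).encode(), hashlib.sha256).digest()[0]
               for i in range(x + 1))

class Proxy:
    def __init__(self, budget, batch_size=2):
        self.remaining = budget        # security budget: endpoints that may still be revealed
        self.batch_size = batch_size
        self.seen = set()              # ciphertext endpoints the server has already observed

    def batches(self, queries):
        return [queries[i:i + self.batch_size]
                for i in range(0, len(queries), self.batch_size)]

    @staticmethod
    def transform_query(q):
        lo, hi = q                     # widen to bucket boundaries so exact endpoints stay hidden
        return (lo // BUCKET * BUCKET, (hi // BUCKET + 1) * BUCKET - 1)

    @staticmethod
    def transform_batch(batch):
        merged = []                    # sort, then merge overlapping or adjacent ranges
        for lo, hi in sorted(batch):
            if merged and lo <= merged[-1][1] + 1:
                merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
            else:
                merged.append((lo, hi))
        return merged

    def run(self, queries, server_rows):
        results = []
        for batch in self.batches(queries):
            ranges = self.transform_batch([self.transform_query(q) for q in batch])
            enc = [(ope(lo), ope(hi)) for lo, hi in ranges]
            new = {c for pair in enc for c in pair} - self.seen
            if len(new) > self.remaining:          # refuse before anything reaches the server
                raise PermissionError("security budget exhausted")
            hits = [c for c in server_rows if any(a <= c <= b for a, b in enc)]
            self.seen |= new
            self.remaining -= len(new)             # remaining budget after this batch
            results.append(hits)
        return results
```

In this sketch, repeating a query that maps to already-seen endpoints costs nothing, while a batch that would exceed the budget is rejected before execution.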