Protection of data of database clients from persistent adversaries

Protection of data of database clients from persistent adversaries

One embodiment provides a method, including: receiving, at a database proxy acting as an intermediary between a plurality of database clients and a service provider providing data management services for the plurality of database clients, a set of queries, of at least one of the plurality of databas...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Vinayagamurthy, Dhinakaran, Singhal, Utsav, Kaul, Akshar
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:One embodiment provides a method, including: receiving, at a database proxy acting as an intermediary between a plurality of database clients and a service provider providing data management services for the plurality of database clients, a set of queries, of at least one of the plurality of database clients, for data stored at the service provider in an encrypted form, wherein the database proxy maintains a security budget defining a maximum threshold amount of data leakage for the plurality of database clients; batching the set of queries into query batches; transforming, for each query batch, each query within the query batch, wherein the transforming includes changing the query to reduce data leakage; performing, responsive to transforming each query within the query batch, a transformation on each of the query batches to reduce data leakage; executing, at the database proxy and utilizing an order-preserving encryption algorithm, the query batches; and calculating a remaining security budget based upon data leakage resulting from the executing.