US Patent 11836269 Protection of data of database clients from persistent adversaries

One embodiment provides a method, including: receiving, at a database proxy acting as an intermediary between a plurality of database clients and a service provider providing data management services for the plurality of database clients, a set of queries, of at least one of the plurality of database clients, for data stored at the service provider in an encrypted form, wherein the database proxy maintains a security budget defining a maximum threshold amount of data leakage for the plurality of database clients; batching the set of queries into query batches; transforming, for each query batch, each query within the query batch, wherein the transforming includes changing the query to reduce data leakage; performing, responsive to transforming each query within the query batch, a transformation on each of the query batches to reduce data leakage; executing, at the database proxy and utilizing an order-preserving encryption algorithm, the query batches; and calculating a remaining security budget based upon data leakage resulting from the executing.