Many small transactions are used together for a larger
aggregated effect. Examples include taking round-off error amounts from
financial interest computations and adding them to the thief's account
balance (resulting in no net loss to the system), the slow leakage of
information through covert channels at rates below normal detection
thresholds, and economic intelligence gathering efforts involving the
aggregation of small amounts of information from many sources to derive an
overall picture of an organization.
Complexity: Attacks of this sort are
relatively easy to create. Mathematical analysis of the general class of
salami attacks has not been done but it seems likely to be similar in
complexity to analysis of data aggregation effects.