What is a salami attack?

  • Can someone give a clear definition of a Salami Attack? In the book Security in Computing (4th Edition) by Charles P. Pfleeger, it is stated as an attack on data integrity, and I quote the passage:

    Data Integrity

    Stealing, buying, finding, or hearing data requires no computer sophistication, whereas modifying or fabricating new data requires some understanding of the technology by which the data are transmitted or stored, as well as the format in which the data are maintained. Thus, a higher level

    The most common sources of this kind of problem are malicious programs, errant file system utilities, and flawed communication facilities. Data are especially vulnerable to modification. Small and skillfully done modifications may not be detected in ordinary ways. For instance, we saw in our truncated interest example that a criminal can perform what is known as a salami attack: The crook shaves a little from many accounts and puts these shavings together to form a valuable result, like the meat scraps joined in a salami.

    Can someone give me a better definition of what a Salami Attack is? And what are the methods to prevent it?

  • limbenjamin

    Correct answer

    6 years ago

    Nope, I don't think @munkeyoto has got the right idea.

    The following passage is from Bruce Schneier's Secrets and Lies.

    There’s the so-called salami attack of stealing the fractions of pennies, one slice at a time, from everyone’s interest-bearing accounts; this is a beautiful example of something that just would not have been possible without computers.

    A salami attack is a small attack that can be repeated many times very efficiently. Thus the combined output of the attack is great. In the example above, it refers to stealing the round-off from interest in bank accounts. Even though it is less than 1 cent per account, when multiplied by millions of accounts over many months, the adversary can retrieve quite a large amount. It is also less likely to be noticeable since your average customer would assume that the amount was rounded down to the nearest cent.

    The chained exploits that munkeyoto is referring to are a series of different exploits, each having a small impact, but when combined, have a large impact.
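
As an added illustration (not part of the question or the answer above), the interest round-off described here can be audited by recomputing each account's interest and checking where the sub-cent remainder was posted. The account ids, the rate, the truncate-to-cent policy and the `GL-ROUNDING` residue account are assumptions constructed for this example.

```python
from decimal import Decimal, ROUND_DOWN

CENT = Decimal("0.01")

def audit_interest_run(balances, rate, postings, residue_account="GL-ROUNDING"):
    """Reconcile one interest run; return a list of findings (empty = clean).

    Assumed policy: customer interest is truncated to whole cents and the
    sub-cent remainder must be credited to one designated residue account.
    """
    exact = {acct: bal * rate for acct, bal in balances.items()}
    expected = {a: v.quantize(CENT, rounding=ROUND_DOWN) for a, v in exact.items()}
    expected_residue = sum(exact.values()) - sum(expected.values())

    # Net credit per account in this run (an account may be posted to twice).
    posted = {}
    for acct, amount in postings:
        posted[acct] = posted.get(acct, Decimal(0)) + amount

    findings = []
    for acct, want in expected.items():
        got = posted.get(acct, Decimal(0))
        if got != want:
            findings.append(f"{acct}: posted {got}, expected {want}")
    for acct, got in posted.items():
        # Any credit outside the run's accounts is where shavings would land.
        if acct not in expected and acct != residue_account:
            findings.append(f"{acct}: unexpected credit {got} in interest run")
    got_residue = posted.get(residue_account, Decimal(0))
    if got_residue != expected_residue:
        findings.append(
            f"{residue_account}: residue {got_residue}, expected {expected_residue}")
    return findings

# Constructed sample data (not from the original page).
SAMPLE_BALANCES = {"A-1001": Decimal("1234.56"), "A-1002": Decimal("987.65"),
                   "A-1003": Decimal("55.55")}
SAMPLE_RATE = Decimal("0.00125")
CUSTOMER_CREDITS = [("A-1001", Decimal("1.54")), ("A-1002", Decimal("1.23")),
                    ("A-1003", Decimal("0.06"))]
CLEAN_RUN = CUSTOMER_CREDITS + [("GL-ROUNDING", Decimal("0.0172"))]
# Same totals, but the remainder was credited to an account outside the run.
TAMPERED_RUN = CUSTOMER_CREDITS + [("A-9999", Decimal("0.0172"))]

if __name__ == "__main__":
    print("clean run:", audit_interest_run(SAMPLE_BALANCES, SAMPLE_RATE, CLEAN_RUN))
    for finding in audit_interest_run(SAMPLE_BALANCES, SAMPLE_RATE, TAMPERED_RUN):
        print("finding:", finding)
```

Both constructed runs credit every customer the amount they would expect to see and post the same total, so only the per-run reconciliation of the residue separates them.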

Licensed under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM