What is math based computer security and how might one get into it? Can it be used in the field of computer forensics? I am currently doing my computer engineering. Could this be a good start? What would I have to do after this?
Check out cryptography, public/private key algorithms, stuff along those lines. That's the main obvious maths/security link to me.
Forensics, from my very small experience (please correct me if you feel I am wrong), does not require a really high math based level. Obviously maths is fundamental! It considerably helps for understanding hard drives, reading hex and binary, calculating sums with hex and sectors; that kind of thing is used.
I think cryptography is a big field you should look at.
Sorry if people feel this may be wrong, I'm still a minnow in the field!!
As well as Cryptography, Mathematics has a lot to do with Computing Science and as such Computer Security. For example, all the well researched and proven security models one sees utilised in industry are derived from proven mathematical logic:
Biba Integrity Model
Bell-LaPadula Model
DAC
MAC
Hybrid
Computer Security: Art and Science by Matt Bishop will give you an excellent grounding in this discipline.
An example
http//
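As an added illustration that is not part of the original post, the sketch below encodes the access rules of two of the models named above (Bell-LaPadula and Biba) as checks on a lattice of labels, then exhaustively confirms the Bell-LaPadula no-downward-flow property over a small lattice. The level names, categories and function names are constructed for this example.

```python
from dataclasses import dataclass
from itertools import combinations, product

# Constructed sample lattice: ordered levels plus need-to-know categories.
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}
CATS = ("crypto", "nuclear")

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """Lattice order: level at least as high AND a superset of categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def blp_allows(subject, obj, op):
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":    # simple security property
        return subject.dominates(obj)
    if op == "write":   # *-property
        return obj.dominates(subject)
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject, obj, op):
    """Biba strict integrity, the dual rule set: no read down, no write up."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation: {op}")

def all_labels():
    """Every label in the constructed lattice (4 levels x 4 category sets)."""
    subsets = [frozenset(c) for r in range(len(CATS) + 1)
               for c in combinations(CATS, r)]
    return [Label(lvl, s) for lvl in LEVELS for s in subsets]

def downward_flows():
    """Search for a subject that may read o1 and write o2 although o2 does
    not dominate o1. Transitivity of the order says none can exist."""
    labels = all_labels()
    return [(s, o1, o2) for s, o1, o2 in product(labels, repeat=3)
            if blp_allows(s, o1, "read") and blp_allows(s, o2, "write")
            and not o2.dominates(o1)]

if __name__ == "__main__":
    print("downward flows found:", len(downward_flows()))
```

The empty result from `downward_flows()` is the brute-force counterpart of the one-line proof: if the subject dominates o1 and o2 dominates the subject, then o2 dominates o1.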
I recall in software engineering classes back in Uni, that a limited number of the programming languages were mathematically provable in terms of operation. The C language for example has routines that have undefined behaviours under certain conditions, whereas Modula2 defined all behaviours. In the event that an unexpected value was passed to the operation, the function would return a known value indicating failure. Once upon a time, certain activities like nuclear reactors and some military applications had to be mathematically provable. You couldn't have a reactor meltdown because some idiot moved a floating point outside the expected range.
I hope I'm remembering this properly, since it was about '95 when I was studying this, but only 2 languages at the time had this ability to have their code mathematically proven. I can't for the life of me remember what the other one was.
Once upon a time, certain activities like nuclear reactors and some military applications had to be mathematically provable.
I know some folks who write embedded software for critical aircraft instrumentation. They have to rigorously prove all branches of their code are necessary and execute as intended. The software language they are using does not have to have that level of proof, just the code they produce.
Clearly the standards have been lowered unless these guys are writing code in assembly / machine language, although the applications I remember learning about were UK govt standards, and US/commercial standards tend to be lower on these things.
I always understood the intent was to make the user prove the particular function calls, including language library calls, used are robust without imposing the need to prove out the entire language and its untouched libraries. I do know that if they update their compiler they have to start all their software certification from scratch for any project build.
Of course, at least here in the States, it usually takes several revisions before the intention is properly worded and regulated…