Reference Books on Computer Security, Internet Security, and Applied Cryptography.
The names used for subdisciplines related to computer security vary, and are often conflated.
As a general roadmap, common subdisciplines are (representative topics are listed in brackets):
- computer security (user authentication, remote access, access control, OS security);
- applied cryptography (encryption, digital signatures, hash functions, key management protocols);
- network-based security (firewalls, intrusion detection, TCP/IP);
- software security (buffer overflows, web and browser security);
- malware (worms, viruses, botnets, ransomware).
The term "information security" often signals a cryptography-centered view of security (with the main focus on securing data or information, rather than software and systems).
Below are some resources that security students may find helpful. They are grouped by rough category.
Computer security (often including overviews of network security, and cryptography):
- Paul van Oorschot, Computer Security and the Internet: Tools and Jewels (2020, Springer). A personal-use copy is freely available on the author's web site.
- Wenliang Du, Computer Security: A Hands-on Approach (2017, self-published). Updated May 2019.
- Stallings and Brown, Computer Security: Principles and Practice, 3/e (2014, Prentice Hall).
- Dieter Gollmann, Computer Security, 3/e (2011, Wiley).
- Elementary Information Security (2011, Jones & Bartlett Learning).
- Mark Stamp, Information Security: Principles and Practice, 2/e (2011, Wiley).
- Goodrich and Tamassia, Introduction to Computer Security.
- Smith and Marchesini, The Craft of System Security (2007, Addison-Wesley).
- Pfleeger and Pfleeger, Security in Computing, 4/e (2007, Prentice Hall).
- Matt Bishop, Computer Security: Art and Science (2002, Addison-Wesley). A shorter version which "omits much of the mathematical formalism": Introduction to Computer Security (2005, Addison-Wesley).
Applied cryptography and network security:
- Menezes, van Oorschot and Vanstone, Handbook of Applied Cryptography (1996, CRC Press; 2001 with corrections). Free online for personal use.
- Keith M. Martin, Everyday Cryptography, 2/e (2017, Oxford University Press).
- Kaufman, Perlman and Speciner, Network Security: Private Communications in a Public World, 2/e (2003, Prentice Hall).
- William Stallings, Cryptography and Network Security: Principles and Practice, 5/e (2010, Prentice Hall). The network security components of this book's 4th edition, plus an extra chapter on SNMP, are also packaged separately as Stallings' Network Security Essentials: Applications and Standards, 3/e (2007, Prentice Hall).
Security in real-life systems (including anecdotes):
- Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2/e (2008, Wiley). The first edition (2001) is available free online.
- Bruce Schneier, Secrets and Lies: Digital Security in a Networked World (2000, Wiley).
Bitcoin and cryptocurrencies:
- Narayanan et al., Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction (2016, Princeton University Press). A free pre-publication PDF is available from the author's home page.
- Andreas M. Antonopoulos, Mastering Bitcoin: Unlocking Digital Cryptocurrencies (Dec 2014, O'Reilly; 2/e 2017). First edition free online.
Operating system security:
- Trent Jaeger, Operating System Security (2008, Morgan and Claypool).
- Saltzer and Kaashoek, Principles of Computer System Design (2009, Morgan Kaufmann). Free online chapters include Ch. 11: Information Security.
- Morrie Gasser, Building a Secure Computer System (1988, Van Nostrand Reinhold). Recommended for security kernels. Perhaps the first comprehensive technical book on computer security; a "definitive reference" (Roger Schell's foreword).
Software security:
- Mark Dowd, John McDonald and Justin Schuh, The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (2007, Addison-Wesley).
- Viega and McGraw, Building Secure Software (2001, Addison-Wesley).
- Howard and LeBlanc, Writing Secure Code, 2/e (2002, Microsoft Press).
Web security, mobile code security, malicious code:
- Michal Zalewski, The Tangled Web: A Guide to Securing Modern Web Applications (2011, No Starch Press).
- OWASP project online resources.
- McGraw and Felten, Securing Java: Getting Down to Business with Mobile Code (1999, Wiley). First edition (1997): Java Security. Free online web edition.
- Lincoln Stein, Web Security: A Step-By-Step Reference Guide (1998, Addison-Wesley).
- Rubin, Geer and Ranum, Web Security Sourcebook: A Complete Guide to Web Security Threats and Solutions (1997, Wiley).
- Avi Rubin, White-Hat Security Arsenal (2001, Addison-Wesley).
Firewalls and network (Internet) security:
- Zwicky, Cooper and Chapman, Building Internet Firewalls, 2/e (2000).
- Cheswick and Bellovin, Firewalls and Internet Security, 1/e (1994, Addison-Wesley; free online for personal use). Second edition, with Rubin (Feb. 2003).
- Boyle and Panko, Corporate Computer Security, 3/e (2013, Prentice Hall). See also: Panko, Computer and Network Security, 2/e (2009, Prentice Hall).
Security infrastructures and digital signatures:
- Adams and Lloyd, Understanding Public-Key Infrastructure, 2/e (Macmillan Technical).
- Housley and Polk, Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructures (2001, Wiley).