Reference Books on Computer Security, Internet Security, and Applied Cryptography.
The names used for subdisciplines related to computer security vary, and are often conflated.
As a general roadmap, common subdisciplines are (representative topics are listed in brackets):
computer security (user authentication, remote access, access control, OS security);
applied cryptography (encryption, digital signatures, hash functions, key management protocols);
network-based security (firewalls, intrusion detection, TCP/IP);
software security (buffer overflows, web and browser security);
malware (worms, viruses, botnets, ransomware).
The term "information security" often signals a cryptography-centered view of security (with main focus on securing data or information, versus software and systems).
-pvo
Below are some resources that security students may find helpful. They are grouped by rough category.
Computer security (often including overviews of network security, and cryptography):
- Paul van Oorschot, Computer Security and the Internet: Tools and Jewels (2020, Springer). Personal use copy freely available on author's web site.
- Wenliang Du, Computer Security: A Hands-on Approach (2017, self-published). Updated May 2019.
- Stallings and Brown, Computer Security: Principles and Practice, 3/e (2014, Prentice Hall).
- Dieter Gollmann, Computer Security, 3/e (2011, Wiley).
- Smith, Elementary Information Security (2011, Jones & Bartlett Learning).
- Mark Stamp, Information Security: Principles and Practice, 2/e (2011, Wiley).
- Goodrich and Tamassia, Introduction to Computer Security (2010, Addison-Wesley).
- Smith and Marchesini, The Craft of System Security (2007, Addison-Wesley).
- Pfleeger and Pfleeger, Security in Computing, 4/e (2007, Prentice Hall).
- Matt Bishop, Computer Security: Art and Science (2002, Addison-Wesley). Shorter version which "omits much of the mathematical formalism": Introduction to Computer Security (2005, Addison-Wesley).
Applied cryptography and network security:
- Menezes, van Oorschot and Vanstone, Handbook of Applied Cryptography (1996, CRC Press; 2001 with corrections), free online for personal use.
- Keith M. Martin, Everyday Cryptography (2017, 2/e; Oxford University Press).
- Kaufman, Perlman and Speciner, Network Security: Private Communications in a Public World, second edition (2003, Prentice Hall).
- William Stallings, Cryptography and Network Security: Principles and Practice, 5/e (2010, Prentice Hall). Relative to this book's 4th edition, the network security components and an extra chapter on SNMP are also packaged as Stallings' Network Security Essentials: Applications and Standards, 3/e (2007, Prentice Hall).
Security in real-life systems (including anecdotes):
- Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2/e (2008, Wiley). The first edition (2001) is available free online.
- Bruce Schneier, Secrets and Lies: Digital Security in a Networked World (2000, Wiley).
Bitcoin and cryptocurrencies:
- Narayanan et al., Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction (2016, Princeton University Press). Free pre-publication PDF available from the author's home page.
- Andreas M. Antonopoulos, Mastering Bitcoin: Unlocking Digital Cryptocurrencies (Dec 2014, O'Reilly; 2/e 2017). First edition free online.
Operating system security:
- Trent Jaeger, Operating System Security (2008, Morgan and Claypool).
- Saltzer and Kaashoek, Principles of Computer System Design (2009, Morgan Kaufmann). Free online chapters include Ch.11: Information Security (pdf).
- Morrie Gasser, Building a Secure Computer System (1988, Van Nostrand Reinhold). PDF online. Recommended for security kernels. Perhaps the first comprehensive technical book on computer security; a "definitive reference" (Roger Schell's foreword).
Software security:
- Mark Dowd, John McDonald and Justin Schuh, The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (2007, Addison-Wesley).
- Viega and McGraw, Building Secure Software (2001, Addison-Wesley).
- Howard and LeBlanc, Writing Secure Code, second edition (2002, Microsoft Press).
Web security, mobile code security, malicious code:
- Michal Zalewski, The Tangled Web: A Guide to Securing Modern Web Applications (2011, No Starch Press).
- OWASP project online resources.
- McGraw and Felten, Securing Java: Getting Down to Business with Mobile Code (1999, Wiley). First edition (1997): Java Security. Free online web edition.
- Lincoln Stein, Web Security: A Step-By-Step Reference Guide (1998, Addison-Wesley).
- Rubin, Geer and Ranum, Web Security Sourcebook: A Complete Guide to Web Security Threats and Solutions (1997, Wiley).
- Avi Rubin, White-Hat Security Arsenal (2001, Addison-Wesley).
Firewalls and network (Internet) security:
- Zwicky, Cooper and Chapman, Building Internet Firewalls, second edition (2000).
- Cheswick and Bellovin, Firewalls and Internet Security, 1/e (Addison-Wesley, 1994; free online for personal use). Second edition with Rubin (Feb. 2003).
- Boyle and Panko, Corporate Computer Security, 3/e (2013, Prentice Hall). See also: Panko, Corporate Computer and Network Security, 2/e (2009, Prentice Hall).
Security infrastructures and digital signatures:
- Adams and Lloyd, Understanding Public-Key Infrastructure, 2/e (Macmillan Technical, 2002).
- Housley and Polk, Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructures (Wiley, 2001).
Miscellaneous resources: