Reference Books on Computer Security, Internet Security, and Applied Cryptography.

The names used for subdisciplines related to computer security vary, and are often conflated. As a general roadmap, common subdisciplines are (representative topics are listed in brackets): computer security (user authentication, remote access, access control, OS security); applied cryptography (encryption, digital signatures, hash functions, key management protocols); network-based security (firewalls, intrusion detection, TCP/IP); software security (buffer overflows, web and browser security); malware (worms, viruses, botnets, ransomware). The term "information security" often signals a cryptography-centered view of security (with main focus on securing data or information, versus software and systems). -pvo

Below are some resources that security students may find helpful. They are grouped by rough category.
    Computer security (often including overviews of network security, and cryptography):

  1. Paul van Oorschot, Computer Security and the Internet: Tools and Jewels (2020, Springer). Personal use copy freely available on author's web site.
  2. Wenliang Du, Computer Security: A Hands-on Approach (2017, self-published). Updated May 2019.
  3. Stallings and Brown, Computer Security: Principles and Practice, 3/e (2014, Prentice Hall).
  4. Dieter Gollmann, Computer Security, 3/e (2011, Wiley).
  5. Smith, Elementary Information Security (2011, Jones & Bartlett Learning).
  6. Mark Stamp, Information Security: Principles and Practice, 2/e (2011, Wiley).
  7. Goodrich and Tamassia, Introduction to Computer Security (2010, Addison-Wesley).
  8. Smith and Marchesini, The Craft of System Security (2007, Addison-Wesley).
  9. Pfleeger and Pfleeger, Security in Computing, 4/e (2007, Prentice Hall).
  10. Matt Bishop, Computer Security: Art and Science (2002, Addison-Wesley). Shorter version which "omits much of the mathematical formalism": Introduction to Computer Security (2005, Addison-Wesley).

    Applied cryptography and network security:

  11. Menezes, van Oorschot and Vanstone, Handbook of Applied Cryptography (1996, CRC Press; 2001 with corrections), free online for personal use.
  12. Keith M. Martin, Everyday Cryptography (2017, 2/e; Oxford University Press).
  13. Kaufman, Perlman and Speciner, Network Security: Private Communications in a Public World, second edition (2003, Prentice Hall).
  14. William Stallings, Cryptography and Network Security: Principles and Practice, 5/e (2010, Prentice Hall). Relative to this book's 4th edition, the network security components and an extra chapter on SNMP are also packaged as Stallings' Network Security Essentials: Applications and Standards, 3/e (2007, Prentice Hall).

    Security in real-life systems (including anecdotes):

  15. Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2/e (2008, Wiley). The first edition (2001) is available free online.
  16. Bruce Schneier, Secrets and Lies: Digital Security in a Networked World (2000, Wiley).

    Bitcoin and cryptocurrencies:

  17. Narayanan et al., Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction (2016, Princeton University Press). Free pre-publication PDF available from the author's home page.
  18. Andreas M. Antonopoulos, Mastering Bitcoin: Unlocking Digital Cryptocurrencies (Dec 2014, O'Reilly; 2/e 2017). First edition free online.

    Operating system security:

  19. Trent Jaeger, Operating System Security (2008, Morgan and Claypool).
  20. Saltzer and Kaashoek, Principles of Computer System Design (2009, Morgan Kaufmann). Free online chapters include (pdf) Ch.11: Information Security.
  21. Morrie Gasser, Building a Secure Computer System (1988, Van Nostrand Reinhold). PDF online. Recommended for security kernels. Perhaps the first comprehensive technical book on computer security. A "definitive reference" (Roger Schell's foreword).

    Software security:

  22. Mark Dowd, John McDonald, Justin Schuh, The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (2007, Addison-Wesley).
  23. Viega and McGraw, Building Secure Software (2001, Addison-Wesley).
  24. Howard and LeBlanc, Writing Secure Code, second edition (2002, Microsoft Press).

    Web security, mobile code security, malicious code:

  25. Michal Zalewski, The Tangled Web: A Guide to Securing Modern Web Applications (2011, No Starch Press).
  26. OWASP project online resources.
  27. McGraw and Felten, Securing Java: Getting Down to Business with Mobile Code (1999, Wiley). First edition (1997): Java Security. Free online web edition.
  28. Lincoln Stein, Web Security: A Step-By-Step Reference Guide (1998, Addison-Wesley).
  29. Rubin, Geer and Ranum, Web Security Sourcebook: A Complete Guide to Web Security Threats and Solutions (1997, Wiley).
  30. Avi Rubin, White-Hat Security Arsenal (2001, Addison-Wesley).

    Firewalls and network (Internet) security:

  31. Zwicky, Cooper and Chapman, Building Internet Firewalls, second edition (2000).
  32. Cheswick and Bellovin, Firewalls and Internet Security, 1/e (Addison-Wesley, 1994; free online for personal use). Second edition with Rubin (Feb. 2003).
  33. Boyle and Panko, Corporate Computer Security, 3/e (2013, Prentice Hall). See also: Panko, Corporate Computer and Network Security, 2/e (2009, Prentice Hall).

    Security infrastructures and digital signatures:

  34. Adams and Lloyd, Understanding Public-Key Infrastructure, 2/e (Macmillan Technical, 2002).
  35. Housley and Polk, Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructures (Wiley, 2001).
Miscellaneous resources: