6.857: Computer and Network Security
Security books
We give a brief comment about the content of each book. For the
serious student, we have starred the books which are most relevant.
The starred books are also on reserve in the Barker Engineering
Library. Send us a suggestion if you come across a security book
you find useful.
- *** Mark Stamp. Information Security: Principles and Practice. John Wiley & Sons. 2006.
- Alfred Menezes, Paul van Oorschot, Scott Vanstone. Handbook of Applied Cryptography. CRC Press. 1997.
This is a very comprehensive book. The best part is that you can
download this book online! The hardcopy is very convenient though.
- Bruce Schneier. Applied Cryptography, 2nd Edition. John Wiley & Sons. 1996.
This is the best book to read for an introduction to applied
security and cryptography. There is much less math than the book by
Menezes et al. Sometimes statements are made without much
justification, but no other book even compares to this comprehensive
introduction to cryptography. The bibliography alone is worth buying
the book.
- Ross Anderson. Security Engineering. John Wiley & Sons. 2001.
An excellent book on security in real world systems.
- Douglas Stinson. Cryptography: Theory and Practice. CRC Press. 1995.
This used to be required for 6.875, the theory of cryptography
class at MIT.
- Bruce Schneier. Secrets and Lies.
Schneier used to advocate good cryptography as the solution
to security problems. He has since changed his mind. Now he talks
about risk management and cost-benefit analysis.
- Eric Rescorla. SSL and TLS: Designing and Building Secure Systems. Addison-Wesley. 2001.
The only book you need to read to learn about the evolution,
politics, and bugs in the development of SSL. Eric's a swell guy too;
buy his book.
- Peter Neumann. Computer Related Risks. Addison-Wesley. 1995.
Power grid failures. Train collisions. Primary and backup power
lines blowing up simultaneously. These events aren't supposed to
happen! Neumann offers a plethora of stories about the risks and
consequences of technology, gathered from his Risks mailing list. On a
side note, Neumann is also responsible for coming up with the
pun/name, "Unix."
- Jakob Nielsen. Usability Engineering. Academic Press. 1993.
There are a lot of non-intuitive GUIs out there for security
products. Anyone making a security product for use by humans should
learn about principles of smart GUIs.
- Charlie Kaufman, Radia Perlman, Mike Speciner. Network Security: Private Communication in a Public World, 2nd Edition. Prentice Hall. 2002.
The authors discuss network security from a very applied approach.
There is a lot of discussion about real systems, all the way down to
the IETF RFCs and the on-the-wire bit representations. The authors
also have a fun, informal style.
- Simson Garfinkel, Gene Spafford. Web Security, Privacy & Commerce. O'Reilly. 2002.
It's hard to keep up with all the security software out there.
But these authors do a good job documenting it all. After
many years in the real world, Garfinkel recently
joined the MIT Lab for Computer Science as a graduate student.
- Kahn. The Codebreakers
Security Conferences
Papers
Most of the reading material in 6.857 comes from conferences on
computer and network security. Here is a list of the papers we hope
to discuss; we won't have time for everything. Send us a note
if you see a paper that greatly interests you.
Miscellaneous