Related Resources

Amazon logo Help support MIT OpenCourseWare by shopping at! MIT OpenCourseWare offers direct links to to purchase the books cited in this course. Click on the book titles and purchase the book from, and MIT OpenCourseWare will receive up to 10% of all purchases you make. Your support will enable MIT to continue offering open access to MIT courses.

This section provides network and computer security research resources.

Security Books

We give a brief comment about the content of each book. For the serious student, we have starred the books which are most relevant.

*Menezes, Alfred J., Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, October, 1996. Pages: 816. ISBN: 0849385237. Reprinted (5th printing) in August 2001.
This is a very comprehensive book. The best part is that you can download this book online! The hardcopy is very convenient though.

*Schneier, Bruce. Applied Cryptography. 2nd ed. New York, NY: John Wiley & Sons, 1996. Pages: 784. ISBN: 0471117099. [also available for purchase on]
This is the best book to read for an introduction to applied security and cryptography. There is much less math than the book by Menezes et al. Sometimes statements are made without much justification, but no other book even compares to this comprehensive introduction to cryptography. The bibliography alone is worth buying the book.

*Anderson, Ross. Security Engineering - A Guide to Building Dependable Distributed Systems. New York, NY: John Wiley & Sons, 2001. ISBN: 0471389226.
An excellent book on security in real world systems.

Stinson, Douglas R. Cryptography Theory and Practice. CRC Press, Inc., March 1995. Reprinted in 1996. ISBN: 0849385210.
This used to be required for 6.875, the theory of cryptography class at MIT.

Schneier, Bruce. Secrets and Lies -- Digital Security in a Networked World. New York, NY: John Wiley & Sons, 2000. Pages: 432. ISBN: 0471253111.
Schneier used to advocate good cryptography as the solution to security problems. He has since changed his mind. Now he talks about risk management and cost-benefit analysis.

Rescorla, Eric. SSL and TLS: Designing and Building Secure Systems. Reading, MA: Addison-Wesley, 2000. ISBN: 0201615983. [also available for purchase on]
The only book you need to read to learn about the evolution, politics, and bugs in the development of SSL. Eric's a swell guy too; buy his book.

Neumann, Peter. Computer Related Risks. Reading, MA: ACM Press / Addison-Wesley, 1994. ISBN: 020155805X. SRI International Computer Science Laboratory. [also available for purchase on]
Power grid failures. Train collisions. Primary and backup power lines blowing up simultaneously. These events aren't supposed to happen! Neumann offers a plethora of stories about the risks and consequences of technology, gathered from his Risks mailing list. On a side note, Neumann is also responsible for coming up with the pun/name, "Unix®."

Nielsen, Jakob. Usability Engineering. San Francisco, CA: Morgan Kaufmann Publishers Inc., 1993. ISBN: 0125184069. [also available for purchase on]
There are a lot of non-intuitive GUIs out there for security products. Anyone making a security product for use by humans should learn about principles of smart GUIs.

Kaufman, Charlie, Radia Perlman, and Mike Speciner. Network Security: Private Communication in a Public World. 2nd ed. Upper Saddle River, NJ: Prentice Hall, 2002. ISBN: 0130460192.
The authors discuss network security from a very applied approach. There is a lot of discussion about real systems, all the way down to the IETF RFCs and the on-the-wire bit representations. The authors also have a fun, informal style.

Garfinkel, Simson, and Gene Spafford. Web Security, Privacy & Commerce. 2nd ed. O'Reilly, November 2001. ISBN: 0596000456.
It's hard to keep up with all the security software out there. But these authors do a good job documenting it all. After many years in the real world, Garfinkel recently joined the MIT Lab for Computer Science as a graduate student.

Kahn, David. The Codebreakers. Simon & Schuster, 1996. ISBN: 0684831309.

Security Conferences


Most of the reading material in 6.857 comes from conferences on computer and network security. Here is a list of the papers we hope to discuss; we won't have time for everything. Send us a note if you see a paper that greatly interests you.


  • Security courses at other institutions.
  • comp.risks archive via UseNet contains the latest few issues, it can also be browsed via Discuss
  • sci.crypt archive via UseNet contains discussion of cryptography. A lot of the stuff is questions by people unfamiliar with the topic or just starting out, but there are sometimes useful postings in there too.
  • Ron Rivest's Cryptography Page has lots of links.
  • CERT is responsible for helping disseminate information on security problems with computer systems.
  • Phrack is an electronic publication aimed at electronic hackers. Read and enjoy, but don't abuse.
  • alt.2600 is yet another hacker publication, which also has a Web page.