A Reading List
Computer security is not merely a technical field. Knowing about
people, and about societies, guides the application of the technical
material. During this class we'll often refer to an eclectic
collection of books that teach lessons we can apply to computer
security. Here's a list of those books, and some others you might
find fun. Please let us know if you know of other books we should
add (especially non-technical ones)!
Non-Technical Books
- Saul Alinsky, Reveille for Radicals, Vintage Books
The classic analysis of organization for social improvement. Many
of the techniques Alinsky discusses can be adapted to attacking
systems--or defending them.
- Saul Alinsky, Rules for Radicals, Vintage Books
How the Have-Nots can organize to change society. Like Alinsky's
other book, the rules are applicable to computer security.
- James Bamford, The Puzzle Palace, Viking Press
A book on the history of the NSA.
- Alfred Bester, The Demolished Man, Vintage Books
The struggle between the killer Ben Reich, the 24th century's
richest man, and Lincoln Powell, the police prefect with ESP, is
like a cat-and-mouse game between an attacker and computer security
folks. This classic science fiction book won the first Hugo for
Best Novel. Bester was named a Grand Master of science fiction.
- John Brunner, The Shockwave Rider, Ballantine Books
A science fiction novel about a future in which data about everyone
is stored in a ubiquitous information network. Many of the terms
used with malicious logic, such as virus, were first used here.
- James Burton, The Pentagon Wars, United States Naval
Institute
A study of how a group of reformers tried to test and improve some
weaponry, and what happened. A wonderful and eye-opening description
of bureaucratic in-fighting.
- Dorothy Denning, Information Warfare and Security,
Addison-Wesley Publishing Company
Good background on issues we discuss in class, nice presentation.
- Jean Guisnel, Cyberwars: Espionage on the Internet, Plenum
Press
Written by a Frenchman, so an interesting non-US perspective.
- Niccolò Machiavelli, The Prince, Penguin Books
Its study of rulers applies not only to princes, but also to
organizations and environments in general.
- Eric Frank Russell, Wasp, Tor Books
A science fiction novel in which a lone agent is dropped on an
enemy planet. His job: cause chaos. He does.
- Neal Stephenson, Cryptonomicon, Avon Books
Good discussion of World War II cryptography, and real world/wartime
issues involving security of communications, etc. Great mathematical
perspective.
- Neal Stephenson, Snow Crash, Spectra Books
This one's more marginally computer security related, but it has
a virtual reality interface figuring prominently into the plot,
and deals with issues of networking through metaphor.
- Sun Tzu, The Art of War, Delta
A classic text on warfare. Many of its principles can be translated
into cyberwarfare.
- Vernor Vinge, Fire Upon the Deep, Tor Books
Superb science fiction book with computer security applications.
- Vernor Vinge, True Names, Tor Books
First real cyberpunk book; Gibson got credit for this sort of work.
Technical Books
- Bruce Schneier, Applied Cryptography, Second Edition,
John Wiley and Sons
A comprehensive introduction to cryptography. The mathematics is
basic, but the book presents sophisticated algorithms. It's also
well written and easy to understand.
- Simson Garfinkel, Gene Spafford, and Alan Schwartz, Practical
UNIX and Internet Security, Third Edition, O'Reilly and
Associates
An excellent book on UNIX security.
- Charlie Kaufman, Radia Perlman, Mike Speciner, Network
Security: Private Communications in a Public World, Prentice-Hall
Publishing Company
Excellent examples of DES and a very readable textbook, without
skimping too terribly much on details.
Contributors to the List
- Matt Bishop, ECS 153 instructor (numerous times)
- Tom Walcott, ECS 153 teaching assistant (Fall 1999, Fall 2000)
- you?