FAQ - What should I read?

What should I read initially?

There will project-specific pieces of literature that I will give you first pointers to. From those, you can expand your literature list from those paper's references as well as searching on the Internet. If you are working in a well-established field, there will be entire books on the subject with a systematic treatment. Get one from the library.

  • Google Scholar and Microsoft Academic Search are your friends. Use them!
  • Once you've the first pieces of literature for the topic, look at their references to expand your view of the field (backwards search).
  • Summary papers and related work sections of good PhD theses can provide a great overview.
  • What are the most important conferences and journals for that topic? Special-purpose workshops?
  • Who were the founders of that field? Who are the principal researchers?
  • Who are the giants on whose shoulders you will stand?
  • Use DBLP and Google Scholar/Microsoft Academic Search author pages to find more publications of particular people.


There are some papers and books that have shaped the entire field of security, privacy, cryptography and formal methods. It's very beneficial to read those classic works to understand the thinking, concepts, metaphors and problem representations of our art. This is not limited to seminal papers, but includes ways of reasoning, e.g., how to do an induction proof, how to reduce one problem class to another, or how to construct a simulator.

Have a look at the reading list of our security wiki for a list of interesting classical papers.