CS455/555 Fundamentals of Information Security

Instructor information

Instructor:W. Michael Petullo
Office location:210 Wing Technology Center
Physical office hours:2:15 p.m–3:15 every weekday
Telephone:(608) 785-6817

Catalog description

This course presents the fundamental concepts of information security. Basic policies, techniques, and tools for maintaining the security of host computers, information networks, and computer software are presented. Topics include encryption, authentication, access control, types of attacks and mitigations, software security, network security protocols, and the concepts of trust, privacy and ethics. Students are expected to compare security policies and techniques, apply concepts using modern tools and techniques, and explore recent security events.


CS 270, CS 340; junior standing.

Time and location

Tuesday and Thursday at 11:00 a.m.–12:25 p.m. in Centennial 2310

Student learning objectives

  • Understand and reason about the concepts of confidentiality, availability, and integrity in the context of information security problems and systems.

  • Understand and reason about different defense strategies including detection, recovery, deflection, deterrence, and prevention.

  • Understand that security applies to hardware, software, and data.

  • Understand and reason about authentication, access control, and privacy.

  • Describe the difference between security policy and practice.

  • Understand the concept of trust and how it related to security policy, security practice, and information assurance.

  • Explain the differences between sophisticated and unsophisticated attacks.

  • Understand several common attacks and be able to compare them; includes worms, viruses, denial of service, man-in-the-middle, buffer overflows, stack smashing, SQL injection, Trojan horses, keyloggers, phishing, back doors, rootkits, and bots.

  • Explain several specific attacks in detail from the exploit to detection and mitigation.

  • Explain how fuzzing can be used to detect vulnerabilities.

  • Explain how the operating system attempts to provide security including its use of address-space randomization, authentication, protection, and sandboxing.

  • Understand the structure of the web, the Internet, and common protocols such as IP, TCP, DNS, cookies, and XSS.

  • Understand security protocols and web security, including TLS/HTTPS.

  • Understand Internet authentication technologies, including X.509, Kerberos, and OAuth.

  • Understand and utilize popular encryption software and algorithms to encrypt and decrypt data.

  • Explain the differences between symmetric and asymmetric encryption.

  • Explain the features and limitations of encryption algorithms, including DES, AES, and RSA.


Classroom standards

Please be prepared to take notes using a pen and paper, or use discipline while taking digital notes. Do not use the Internet for personal reasons during class.

Perform your assigned reading and other preparation before arriving for class. I will expect you to participate in class discussions, and I might call on you to contribute.

You are reminded of Board of Regents' Student Academic Disciplinary Procedures concerning academic integrity. Cheating undermines the integrity of this university and shows disrespect towards the work of your classmates. Starting coursework early will help you to avoid the temptation of cheating. Plagiarism or cheating in any form may result in a failing grade, and might also warrant harsher disciplinary action. “Students are responsible for the honest completion and representation of their work, for the appropriate citation of sources, and for respect of others' academic endeavors.”

On perseverance and the scientific method

You will inevitably encounter problems while trying to complete your coursework. Sometimes you will be led astray by the confusing interfaces that our software applications present, and other times you will simply make an error. When something goes wrong, try to fix the problem! Make small, incremental changes, and observe their effects. Most importantly, think about how systems work, and then consider why the error you are observing might have arisen. Occasionally, you should stop what you are doing and start from scratch. Learning how to better troubleshoot should be a beneficial side effect of this course.

Graded events

Homework will be submitted through Aquinas, a grading system that provides immediate feedback. Refer to the course schedule for the sequence of homework assignments, exams, and the final exam. Your running grade will be available through Aquinas.

EventPortion of grade
Homework33% (3% per assignment)
Exams37% (18½% per exam)
Instructor points5%
Final exam25%

Grade scale

Grades are assigned based on the following scale.


Late policy

Assignments are due the moment class starts. Late assignments will lose points according to the table below.

Up to 24 hours late15% reduction
24–48 hours late30% reduction
More than 48 hours lateNo credit

If some external circumstance might cause you to be late, then you must notify your instructor in writing and before the assignment deadline in order to be considered for an exception. The act of notification does not automatically grant you an exception.

COVID-19 health statement

Students with COVID-19 symptoms or reason to believe they were in contact with COVID-19 should consult with a health professional, such as the Student Health Center. Students who are ill or engaging in self-quarantine at the direction of a health professional must not attend class. Students in this situation will not be required to provide formal documentation and will not be penalized for absences. However, students should: 

  • notify the instructor in advance of the absence, and provide him with an estimate of how long the absence might last;
  • keep up with classwork, if able;
  • submit assignments electronically;
  • work with the instructor to either reschedule or remotely complete exams, labs, and other academic activities; and
  • consistently communicate their status to the instructor during the absence. 

Instructors have an obligation to provide reasonable accommodation for completing course requirements to students adversely effected by COVID-19. This policy relies on honor, honesty, and mutual respect between instructors and students. Students are expected to report the reason for absence truthfully and instructors are expected to trust the word of their students. University codes of conduct and rules for academic integrity apply to COVID-19 situations. Students may be advised by their instructor or academic advisor to consider a medical withdrawal depending on the course as well as the timing and severity of the illness. Students should work with the Office of Student Life if pursuing a medical withdrawal.