News Bits

Februray 5, 2003
Eugen Bacic ( wrote the memoriam below about the loss of our colleague Milan Kuchta last November.

Milan Steve Kuchta
In Memoriam

Born 22 December 1950, Chatham, Ontario.
Died 14 November 2002 at home in Ottawa, Ontario.

Milan attended the University of Western Ontario, obtaining an Engineering Science degree in 1972. He later followed this with a Masters degree in Electrical Engineering from Carleton University in 1982. However, in spite of his training in engineering, Milan considered himself a scientist, rather than an engineer. He found that his academic background and work experience further strengthened his beliefs and faith in God, and he was unimpressed by quasi-intellectual theories.

Although he shied away from public demonstrations of affection, Milan was a very warm-hearted and generous person, giving freely of his time to assist others. He had a strong sense of family, greatly enjoying all his nieces and nephews and spending time teaching and encouraging them. With his ever-present positive synergy, loyalty and willingness to provide assistance, whatever the challenge, not only was Milan well liked and admired by his colleagues, but regarded as a wonderful mentor. Everyone who knew Milan appreciated his laugh, accepting the fact that Milan's jokes were usually funnier to Milan than to anyone else. Yet they were always based upon his in-depth knowledge and understanding of the world as a whole. He could, however, be quite persistent, as was the case when he insisted that his eyes were fine, but that the lighting in restaurants was getting dimmer every year.

In 1974 Milan joined the Communications Security Establishment (CSE) and within a year was heading up the Cryptographic Design and Evaluation Unit. Realizing that information security was a new and rapidly emerging field Milan grew his section into the security authority in Canada and began making CSE's presence known in the field of information security. A regular at those early computer security conferences, Milan would in later years introduce new employees to the storied names of computer and information security. Anyone walking the halls of the Baltimore Congress Centre during the annual U.S. security conference would immediately realize that Milan not only knew security but was known in security.

By the mid 80's Milan began to realize that the CSE required an even larger presence in the Information Security arena and began drawing up plans for what was to become, in 1987, the Canadian System Security Centre (CSSC). His vision entailed hiring motivated staff willing to push the envelop in security, R&D, training, and criteria. Milan's desire to share ideas and see them come to fruition resulted in him granting his staff a huge degree of freedom. Working closely with various research laboratories at the NRC and Defence Research as an equal Milan was able to fund advanced projects that would result in the emergence of some of the best known names in computer security.

Milan left lasting impressions on staff and colleagues the world over. He knew and had the respect of leading computer security scientists in every industrialized nation on Earth. When, in the early 90s, Milan decided to host a series of workshops to fine tune what was to become the Canadian Trusted Computer Product Evaluation Criteria there was more than ample interest. In fact, dozens of the best security minds came up to Ottawa at Milan's bequest, in the middle of February, to assist Milan in his endeavour to create a modern evaluation criteria. With the assistance of his team Milan realized that vision, and many others. The work on the Canadian Criteria went on to be used as the basis for the US Federal Criteria and finally as the cornerstone for the Common Criteria. On both projects members of Milan's team were lead authors and contributors. To this day Milan is fondly remembered as someone who understood security and was willing to look far down the road and make security an enabling technology, something to improve everyone's life.

In 1995 Milan left the CSE and began research in the field of network autonomy and security as an independent consultant. He spent the next eight years of his life working on his vision of intelligent, interconnected network security components known as Ironman. Perhaps the most fitting tribute to him is the fact that on the day he died he excitedly discussed the possibilities his technology offered to the security world with an old colleague. He was looking forward to sharing his years of research with those that he respected and admired for nearly thirty years -- his second family, those individuals the world over that make up the information security community that he'd been a part of since 1974. One of Milan's colleges from the U.S. National Institute of Standards and Technology wrote: "Milan Kuchta was truly a pioneer and visionary in the field of computer and information security. His passion for his work and vision touched those around him and extended into the international community. Milan's leadership and spirit of cooperation significantly influenced the direction and outcome of some of our most important international information security standards and standards-related projects".

Growing up on a farm in southern Ontario Milan developed the interests, beliefs, and values that would form the guiding principles in his life. From his rural roots he gained an appreciation for nature, the outdoors, and wide-open spaces. The last seven years of his life were spent surrounded by nature in a house nestled on the shores of the Rideau River, a tranquil spot where he continued his work on computer security research.

Although Milan's interests ranged from playing and recording music to fast cars to computers it was his love of computer security that will be remembered by most who knew him. It is, therefore, with deep sadness that all of us in the security community wish to extend heartfelt sympathies to his family for their untimely loss.


Correspondence from the Zurich Information Security Center
March 14, 2003

Dear Colleague

The Zurich Information Security Center (ZISC) is happy to make three 
1. The ZISC Announcements Mailing List
2. The ZISC Fall School on Formal Security Engineering
3. The ZISC Information Security Colloquium

We would appreciate if you would forward this message to colleagues 
interested in information security, potentially through mailing lists 
you are subscribed to. This will allow us to only send messages to 
parties interested in ZISC events in the future, once they have had 
a chance to subscribe to the mailing list presented below.

1. The ZISC Announcements Mailing List

The ZISC Announcements mailing list is a moderated, low-traffic 
mailing list for ZISC-related announcements such as this one. Its 
main purpose is to inform its subscribers about upcoming events such 
as talks in a timely manner. You are invited to subscribe to it at

2. The ZISC Fall School on Formal Security Engineering

In late September, the ZISC is organizing a one-week course for 
scientists and engineers working in the field of information security. 
The speakers come from both academia and industry, including Freiburg 
University, the German Research Center for Artificial Intelligence 
(DFKI), IBM Research, Siemens, SRI International, Sun Microsystems 
Laboratories, and the Swiss Federal Institute of Technology Zurich 
(ETHZ).  The school is sponsored by the ETHZ. The fee for participants 
from industry is 1000 Swiss Francs, and there is no fee for participants 
from academia. Further information, including registration material, can 
be found at

3. The ZISC Information Security Colloquium

In the summer semester 2003, we are organizing an information security 
colloquium with 4 to 6 talks at the ETHZ. The talks are public, free of 
charge, and require no application.
Date, speaker, title, and abstract of the talks can be found at

Thank you for taking the time to read this message.
Paul E. SevinÁ, Zurich Information Security Center

Paul E. SevinÁ, Dipl. El.-Ing. ETH

Phones: +41  1 632 7250 (office)
        +41  1 450 8578 (home)
        +41 78 854 1773 (cell)


February 21, 2003

Correspondence from Zena Matilde Ariola []:

             Summer School on the Foundation of Security
                      Eugene, Oregon, USA 
                      June 16 - 27 , 2003 
  Martin Abadi      University of California at Santa Cruz
  Zena M. Ariola    University of Oregon
  Hugo Herbelin     INRIA 
  John Mitchell     Stanford University

Scientific committee: 
  Luca Cardelli          Microsoft Research, Cambridge 
  Pierre-Louis Curien    University of Paris 7
  Robert Harper          Carnegie Mellon University
  Catuscia Palamidessi   INRIA
  Frank Pfenning         Carnegie Mellon University 
  Benjamin Pierce        University of Pennsylvania

The summer school on the Foundation of Security is a two week
course for computer scientists and mathematicians interested in 
formal methods applied to software security. The program runs from 
Monday, June 16 to Friday, June 27, 2003.

Graduate students who wish to attend should send an application 
consisting of a short description of their educational background and 
one letter of reference to
We anticipate making available a number of grants to cover travel and 
lodging costs for qualified graduate students. 

For more information see
You can access information (including great pictures!) on last 
year summer school at

Preliminary program 

- Type Systems  
  Robert Harper - Carnegie Mellon University
- Inductive Types  
  Christine Paulin - INRIA

- Linear Logic   
  Pierre-Louis Curien - University of Paris 7

- Coinduction and bisimulation  
  Roy L. Crole   University of Leicester

- Formal methods and security 
  Catherine A. Meadows - Naval Research Laboratory 

- Cryptographic Protocols  
  Cedric Fournet - Microsoft Research, Cambridge 

- Language Based Information Security 
  Steve Zdancewic  - University of Pennsylvania 

- Typed Assembly Languages and Proof Carrying Code 
  David Walker - Princeton University 

- Global Computing  
  Vladimiro Sassone - University of Sussex 

- Linear Logic and Security  
  Iliano Cervesato - Naval Research Laboratory   



February 21, 2003

Correspondence from Jamil Farshchi []:


I recently wrote an article about Statistical Intrusion Detection systems. It explains the difference between a Rule-based and Statistical IDS, tells of the benefits of a stat IDS, as well as how to implement one with snort -- This document is currently being posted on the SANS web site but I can write a variation of it (or you can link to it if you so choose. I have attached the document for you to review in the event that you or your readers would be interested. I am also working on a wireless (802.11b and 802.11a) security document that may interest you as well.

Jamil D. Farshchi
Information Technology Security
NASA Office of Inspector General
Washington, DC 20546
Phone: 202.358.1897
Fax: 202.358.2990


February 5, 2003

Correspondence from Dr. Gerald Masson, Johns Hopkins Univeristy:


The Carolyn and Edward Wenk, Jr. Lecture in Technology and Public Policy

Date: Tuesday, April 22, 2003

Time: 3-4 PM, reception to follow

Location: Hodson Hall, Room 110, Homewood Campus

Speaker: Ross Anderson, University of Cambridge

Title: "Information Security and Public Policy"

Sponsors: JHU Whiting School of Engineering, Information Security Institute and Department of Computer Science For info:

RSVP: 410-516-4250



News Bits contains correspondence, interesting links, non-commercial announcements and other snippets of information the editor thought that Cipher readers might find interesting.