This project focuses on network control systems for buildings, typically called Building Automation Systems (BASs). BASs are increasingly used for the control of lighting, HVAC (i.e., heating, ventilation, and air conditioning), and (physical) security in modern "smart" buildings, and are extending their functionality to include advanced features like resource location and mesh networking. Opening such systems to the enterprise network and the Internet entails significant risks of compromise and malicious activity, while the benefits include new capabilities for flexibility, survivability, and affordability. Networked computer control systems enhance the convenience and functionality of controlling physical processes. Security of such systems is often achieved by isolating the control network from compromised computers, but this strategy has costs, and this kind of protection is insufficient. Better solutions will depend upon the type of control system and the context of its usage, such as for vehicles, power transmission grids, and factory automation.
This research project begins with an examination of the way in which well-known techniques in computer security can be specialized to improve the connectivity of BASs without exposing them to undue risk. Specifically, the project will develop techniques for perimeter control, privacy and insider threats, and audit and intrusion detection for commercial BASs. The objective of this project is to show that perimeter control for such systems can profitably exploit a tiered system based on servers that divide responsibility between application support and control-system command processing.