A Robust Implementation of a Building Resources Access Rights Management System
A Smart Building Controller (SBC) is a server software that offers secured access to a pool of building specific resources, executes monitoring tasks and performs automatic administration of a building, thus optimizing the exploitation cost and maximizing comfort. This paper brings to discussion the issues that arise with the secure exploitation of the SBC administered resources and proposes a technical solution to implement a robust secure access system based on roles, individual rights and privileges (special rights).
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1100324Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1326
 “Basics of BACnet”, http://kargs.net, 2014.
 ANSI/ASHRAE STANDARD Addendum 135-2001, “BACnet ® — A Data Communication Protocol for Building Automation,” 2004.
 Contemporary Control Systems Inc., “BAS automation - Building on BACnet,” 2013.
 Z. W. Z. Wang, X. L. X. Liu, and S. W. S. Wu, BACnet intelligent home supervisory control system based on multi-agent, vol. 2. 2005, pp. 761– 764.
 W. Kastner, G. Neugschwandtner, S. Soucek, and H. M. Newman, “Communication Systems for Building Automation and Control,” vol. 93, no. 6, 2005.
 R. H. Weber, “Internet of Things – New security and privacy challenges,” Comput. Law Secur. Rev., vol. 26, no. 1, pp. 23–30, Jan. 2010.
 R. Ausanka-Cures, “Methods for access control: advances and limitations,” Harvey Mudd Coll., 2001.
 E. Lee, “Cyber Physical Systems: Design Challenges,” 2008 11th IEEE Int. Symp. Object Component-Oriented Real-Time Distrib. Comput., pp. 363–369, May 2008.
 D. Basin, M. Clavel, J. Doser, and M. Egea, “Automated analysis of security-design models,” Inf. Softw. Technol., vol. 51, no. 5, pp. 815– 831, May 2009.
 S. D. Gribble, “Robustness in complex systems,” Proc. Eighth Work. Hot Top. Oper. Syst., pp. 21–26.
 D. Ferraiolo and D. Kuhn, “Role-based access controls,” Natl. Comput. Secur. Conf., no. 15, pp. 554–563, 1992.
 R. S. Sandhu, D. Ferraiolo, and R. Kuhn, “The NIST Model for Role- Based Access Control: Towards A Unified Standard,” in 5th ACM Workshop on Role Based Access Control, 2012, pp. 47–63.
 R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, “Role- Based Access Control Models,” IEEE Comput., vol. 29, no. 2, pp. 38– 47, 1996.
 M. Nyanchama and S. Osborn, “Access Rights Administration in Role- Based Security Systems,” DBSec, pp. 1–23, 1994.
 S. Osborn, R. Sandhu, and Q. Munawer, “Configuring role-based access control to enforce mandatory and discretionary access control policies,” ACM Trans. Inf. Syst. Secur., vol. 3, no. 2, pp. 85–106, May 2000.
 M. Nyanchama and S. Osborn, “Modeling Mandatory Access Control in Role-Based Security Systems,” DBSec, no. 1990, 1995.
 D. R. Kuhn, E. J. Coyne, and T. R. Weil, “Adding Attributes to Role- Based Access Control,” Computer (Long. Beach. Calif)., vol. 43, no. 6, pp. 79–81, Jun. 2010.
 D. Kuhn, “Vulnerability hierarchies in access control configurations,” Safe Config, IEEE, 2011.
 G. Stoneburner, C. Hayden, and A. Feringa, “Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A”, 2004.
 K. M. Khan and J. Han, “Assessing security properties of software components: a software engineer’s perspective,” Aust. Softw. Eng. Conf. ASWEC06, p. 10 pp.–210, 2006.
 H. A. Weber, “Role-Based Access Control: The NIST Solution,” InfoSec Read. Room, SANS Inst., 2003.
 N. Kern, C. Kesavan, and A. Daswani, “Foundations of Security,” Foundations of Security. Apress, pp. 3–24, 2007.
 A. Josang, B. AlFayyadh, T. Grandison, M. AlZomai, and J. McNamara, Security Usability Principles for Vulnerability Analysis and Risk Assessment, no. December. Ieee, 2007, pp. 269–278.
 D. R. Raymond and S. F. Midkiff, Denial-of-Service in Wireless Sensor Networks: Attacks and Defenses, vol. 7, no. 1. IEEE, 2008, pp. 74–81.
 L. Meyer and W. T. Penzhorn, Denial of service and distributed denial of service-today and tomorrow, vol. 2. 2004.
 R. K. Guha, Z. Furqan, and S. Muhammad, Discovering Man-in-the- Middle Attacks in Authentication Protocols. Ieee, 2007, pp. 1–7.
 B. Aziz and G. Hamilton, Detecting Man-in-the-Middle Attacks by Precise Timing, vol. 0. Ieee, 2009, pp. 81–86.
 A. M. Hagalisletto, Errors in Attacks on Authentication Protocols. 2007, pp. 223 –229.
 P. R. Babu, D. L. Bhaskari, and C. Satyanarayana, “A Comprehensive Analysis of Spoofing,” Int. J. Adv. Comput. Sci. Appl., vol. 1, no. 6, pp. 157–162, 2010.
 R. Weber and R. Weber, Internet of things: legal perspectives. Springer- Verlag Berlin Heidelberg, 2010.