CT-ISG: Security for Building Automation Systems

CT-ISG：楼宇自动化系统的安全

• 批准号: 0716421
• 负责人: Carl Gunter
• 金额: $ 50万
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-09-01 至 2011-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0716421&HistoricalAwards=false
• 关键词: CT; ISG; Security; Building; Automation

This project focuses on network control systems for buildings, typically called Building Automation Systems (BASs). BASs are increasingly used for the control of lighting, HVAC (i.e., heating, ventilation, and air conditioning), and (physical) security, in modern "smart" buildings and are extending their functionality to include advanced features like resource location and mesh networking. Opening such systems to the enterprise network and Internet entails significant risks for compromise and malicious activities while the benefits offer new capabilities for flexibility, survivability, and affordability. Networked computer control systems enhance the convenience and functionality of controlling physical processes. Security of such systems is often by isolating the control network from compromised computers but there are costs to this strategy and this kind of protection is insufficient. Better solutions will depend upon the type of control system and the context of its usage such as for vehicles, power transmission grids and factory automation.This research project begins with an examination of the way in which well-known techniques in computer security can be specialized to improve the connectivity of BASs without exposing them to undue risk. Specifically, the project will develop techniques for perimeter control, privacy and insider threats, and audit and intrusion detection for commercial BASs. The objective of this project is to show that perimeter control for such systems can profitably exploit a tiered system based on servers that divide responsibility between application support and control-system command processing.

该项目的重点是楼宇网络控制系统，通常称为楼宇自动化系统（BAS）。 BAS越来越多地用于控制照明、HVAC（即，加热、通风和空调）和（物理）安全性，并且正在扩展其功能以包括诸如资源定位和网状网络之类的高级特征。向企业网络和互联网开放这些系统会带来重大的危害和恶意活动风险，同时带来的好处是提供了灵活性、生存性和可负担性方面的新功能。 网络化的计算机控制系统增强了控制物理过程的便利性和功能性。 这种系统的安全性通常是通过将控制网络与受损计算机隔离来实现的，但这种策略存在成本，并且这种保护是不够的。 更好的解决方案将取决于控制系统的类型及其使用环境，例如车辆，输电网和工厂自动化。本研究项目首先检查计算机安全中的知名技术可以专门用于提高BAS的连接性，而不会使其暴露于不必要的风险。 具体而言，该项目将开发用于边界控制、隐私和内部威胁以及商业BAS审计和入侵检测的技术。 这个项目的目标是表明，这种系统的周边控制可以利用一个分层系统的基础上，划分应用程序支持和控制系统命令处理之间的责任服务器。