Trust Zone Formation for Building Automation Networks Using Building Information Modeling
Authors: A. Wall, Björn Butzin, D. Timmermann
Published in: 2020 IEEE Global Conference on Artificial Intelligence and Internet of Things (GCAIoT), 2020-12-12
DOI: 10.1109/GCAIoT51063.2020.9345857 (https://doi.org/10.1109/GCAIoT51063.2020.9345857)
Modern Building Automation Systems (BAS) consist of sensors and actuators that are connected via an IP-based network and offer their functionality via RESTful APIs. Because a single device can be exploited by an attacker to perform attacks within the local network, we put devices into isolated groups. These groups are isolated MAC-layer Trust Zones to reduce the attack surface in contrast to a BAS with fully connected devices. We propose an algorithm that leverages the so far neglected potential of Building Information Modeling (BIM) to compute Trust Zones. We assure unimpaired operation of all applications while limiting the number of infrastructure devices. The proposed mechanisms are demonstrated considering sensors and actuators that are connected via wired Ethernet and the IEEE 802.11s WLAN mesh standard. At the application layer we make exemplary use of the Constrained Application Protocol (CoAP). Finally, we experimentally evaluate the device acquisition and selection based on our network partitioning algorithm.