Graduation Year


Document Type




Degree Name

Doctor of Philosophy (Ph.D.)

Degree Granting Department

Engineering Computer Science

Major Professor

Xinming Ou, Ph.D.

Committee Member

Jarred Ligatti, Ph.D.

Committee Member

Srinivas Katkoori, Ph.D.

Committee Member

Nasir Ghani, Ph.D.

Committee Member

Siva R. Rajagopalan, Ph.D.


Cyber-Physical Systems, Distributed System, Embedded System, Internet of Things, System Security


Building Automation System (BAS) is a complex distributed control system that is widely deployed in commercial, residential, industrial buildings for monitoring and controlling mechanical/electrical equipment. Through increasing industrial and technological advances, the control components of BAS are becoming increasingly interconnected. Along with potential benefits, integration also introduces new attack vectors, which tremendous increases safety and security risks in the control system. Historically, BAS lacks security design and relies on physical isolation and "security through obscurity". These methods are unacceptable with the "smart building" technologies. The industry needs to reevaluate the safety and security of the current building automation system, and design a comprehensive solution to provide integrity, reliability, and confidentiality on both system and network levels.

This dissertation focuses on the system level in the effort to provide a reliable computing foundation for the devices and controllers. Leveraged on the preferred security features such as, robust modular design, small privilege code, and formal verifiability of microkernel architecture, this work describes a security enhanced operating system with built-in mandatory access control and a proxy-based communication framework for building automation controllers. This solution ensures policy-enforced communication and isolation between critical applications and non-critical applications in a potentially hostile cyber environment.