Covert and side channels in buildings and the prototype of a building-aware active warden

Covert channels and side channels are barely discussed topics in the area of building automation. We define a building in the context of multilevel security (MLS) and show that covert channels and side channels exist in building automation. Additionally, we present a system called the building-aware active warden to eliminate covert/side storage channels in building automation systems (BAS). Active wardens aim to remove malicious (covert) elements in communications and are a well-known means from the area of network covert channels and steganography. Within the last years, new models, such as the network-aware active warden, were developed. The presented building-aware active warden is an adoption of the concept of a network-aware active warden to building automation. Building-aware active wardens modify or drop building automation commands as well as building information requests from users based on their security levels to enhance a building´s security. We extended an interoperable system for building automation supporting hardware from two vendors for the purpose of a building-aware active warden and for providing an unified application programming interface.