BUILDING AUTOMATION

MODULE 3
SECURITY
SYSTEMS
SECURITY SYSTEM FUNDAMENTALS:
INTRODUCTION TO SECURITY SYSTEMS
• The most basic definition of any security system is found in its name.

literally a means or method by which something is secured through

a system of interworking components and devices
• Security systems can be interlocked to a building automation system

• Security has always remained a core and focued subsystem of entire BAS .

• Security systems could be considered as as an important and mandatory

section for overall BAS

• Security system work with relatively high speed ,high throughput

communication entertainment , etc.
 Concepts of security system :
security systems work on the simple concept of securing entry points into a building
with sensors that communicate with a control panel or command centre installed in a
convenient location somewhere in the building.

•Control Panel: The control panel is the computer that arms and disarms the security
systems, communicates with each installed component, sounds the alarm when a
security zone is breached, and communicates with an alarm monitoring company.

•Door and Window Sensors: Door and window sensors are comprised of two parts
installed adjacent to each other. One part of the device is installed on the door or
window and the other on the door frame or window sill. When a door or window is
closed, the two parts of the sensor are joined together, creating a security circuit.

•Motion Sensors: These security components, when armed, protect a given space by

creating an invisible zone that cannot be breached without sounding an alarm. These
are typically used to protect rooms containing valuables, as well as areas less
frequented in larger homes.

•Surveillance Cameras: Available in both wired and wireless

configurations, surveillance cameras can be used in several different ways as part of
Perimeter intrusion
 A perimeter intrusion detection system (PIDS) is a device or sensor that
detects the presence of an intruder attempting to breach the physical perimeter
of a building. A PIDS is typically deployed as part of overall security system and
is often found in high-security environments such as correctional facilities.
Concept:
 Fences, walls, intelligent detection technology, and state-of-the-art surveillance
measures: today, the options relating to comprehensive perimeter protection of
a property are more diverse and complex than ever.
 Whether at airports, in small or medium-sized companies, in forensics
institutions or correctional facilities, industrial properties with high security
requirements, in logistics or chemicals organizations, solar plants, external
storage or power plants.
 Appropriate protection measures help to prevent or minimize damage. They
contribute to early detection of attacks and support a rapid initiation of
countermeasures in the event of imminent danger.
 Surveillance Perimeter combines individual bricks into the protection concept
that have only one goal.
Technology
 Distributed Temperature Sensing
Distributed temperature sensing systems or DTS systems are fiber optic based
instruments which measure temperature along the length of the fiber optic
cable, essentially turning the entire length of cable into a sensor
 Distributed Acoustic Sensing
Distributed acoustic sensing systems or DAS systems are similar to DTS
systems, however, these fibre optic optoelectronic instruments measure
acoustic interactions along the length of a fibre optic sensing cable.
Advanced application:
• Barrier-mounted PIDS (perimeter intrusion detection system).
Fabric mounted systems, where the sensor is attached to the fabric of a fence
and post mounted systems, where sensors stretch between either fence posts
or dedicated posts.
• Ground-based PIDS
Ground-based PIDS are buried in the ground and may or may not be deployed

alongside a fence.
Security design
Security design refers to the techniques and methods that position those hardware
and software elements to facilitate security.

Security system design for verticals:

 Premises control unit (PCU), Alarm Control Panel (ACP), or simply panel: The "brain"

of the system, it reads sensor inputs, tracks arm/disarm status, and signals intrusions.
In modern system, this is typically one or more computer circuit boards inside a metal
enclosure, along with a power supply.

 Sensors: Devices which detect intrusions. Sensors may be placed at the perimeter of
the protected area, within it, or both. Sensors can detect intruders by a variety of
methods, such as monitoring doors and windows for opening, or by monitoring
unoccupied interiors for motions, sound, vibration, or other disturbances.

 Alerting devices: These indicate an alarm condition. Most commonly, these are bells,
sirens, and/or flashing lights. Alerting devices serve the dual purposes of warning
occupants of intrusion, and potentially scaring off burglars. These devices may also be
used to warn occupants of a fire or smoke condition.
Concept of automation in access control system
for safety
 Building automation and control systems (BACS) are an important part of
modern automated buildings. More and more they are also responsible
for functions affecting people’s safety, security and health. Thus the
respective technology is supposed to work reliably, securely, safely and
efficiently.

 The two important features of such a BACS are functional safety and
system security (short safety and security) of both the network nodes and
the communication protocols.

 Up to now little effort has been made to specify a life cycle for a safe and
secure BACS that defines requirements for the different stages of the
product life of a BACS.

 Special focus is related to the commonalities between the development

of safety and security systems to benefit from these commonalities in
development.
Physical security system with components
Physical security systems must be designed in depth. Physical barriers, technology,
people, and procedures must be creatively overlapped so that the protection system
is layered.

Layering provides both diversity and redundancy. Diversity provides cross-checks on

a situation while redundancy insures that every component is backed up in case of
failure. Layering must be designed into the system.

 Magnetic door contacts, which are tested on a regular schedule, are used to monitor
door alarms. Should there be a failure or undetected tampering, security personnel
performing routine integrity testing of the door and its alarms will detect the failure.

A card access system is installed to restrict access to authorized card holders. Any
unauthorized use of the card is recorded by CCTV, which provides a video audit trail
of the activity.

Physical security has three important components: access control, surveillance and

testing. Obstacles should be placed in the way of potential attackers
and physical sites should be hardened against accidents, attacks or environmental
disasters.
RFID security access control system with
components
 RFID Security Access Control System using 8051 Microcontroller is
an RFID Technology based security system. Using this system, authorization
of personnel is carried out with an RFID card and only those with access can
enter a secured area.

 The security of any organisation is a priority for the authorities

  RFID system consists of three components:

• A scanning antenna, a transceiver and a transponder. When the

scanning antenna and transceiver are combined, they are referred

as an RFID reader or interrogator.

• The RFID reader is a network- connected device that can be portable or

permanently attached.
COMPUTER SYSTEM ACCESS CONTROL
 The term Access Control actually refers to the control over access to system
resources after a user's account credentials and identity have been authenticated and
access to the system granted.
DISCRETIONARY ACCESS CONTROL ( DAC )
 Discretionary Access Control (DAC) allows each user to control access to their own data.
DAC is typically the default access control mechanism for most desktop operating systems.
 Instead of a security label in the case of MAC, each resource object on a DAC based system
has an Access Control List (ACL) associated with it. An ACL contains a list of users and
groups to which the user has permitted access together with the level of access for each
user or group. For example, User A may provide read-only access on one of her files to User
B, read and write access on the same file to User C and full control to any user belonging
to Group 1.
 It is important to note that under DAC a user can only set access permissions for resources
which they already own. A hypothetical User A cannot, therefore, change the access
control for a file that is owned by User B. User A can, however, set access permissions on a
file that she owns. Under some operating systems it is also possible for the system or
network administrator to dictate which permissions users are allowed to set in the ACLs of
their resources.
 Discretionary Access Control provides a much more flexible environment than Mandatory
Access Control but also increases the risk that data will be made accessible to users that
should not necessarily be given access.
Mandatory Access Control ( MAC )
•Mandatory Access Control (MAC) is the strictest of all levels of control. The design of
MAC was defined, and is primarily used by the government.

•MAC takes a hierarchical approach to controlling access to resources. Under a MAC

enforced environment access to all resource objects (such as data files) is controlled
by settings defined by the system administrator.

•As such, all access to resource objects is strictly controlled by the operating system
based on system administrator configured settings. It is not possible under MAC
enforcement for users to change the access control of a resource.

•Mandatory Access Control begins with security labels assigned to all resource objects

on the system. These security labels contain two pieces of information - a
classification (top secret, confidential etc) and a category (which is essentially an
indication of the management level, department or project to which the object is
available).
Role Based Access Control ( RBAC )
•Role Based Access Control (RBAC), also known as Non discretionary Access Control,
takes more of a real world approach to structuring access control. Access under RBAC
is based on a user's job function within the organization to which the computer
system belongs.

•Essentially, RBAC assigns permissions to particular roles in an organization. Users are

then assigned to that particular role. For example, an accountant in a company will be
assigned to the Accountant role, gaining access to all the resources permitted for all
accountants on the system. Similarly, a software engineer might be assigned to
the developer role.

•Roles differ from groups in that while users may belong to multiple groups, a user
under RBAC may only be assigned a single role in an organization. Additionally, there
is no way to provide individual users additional permissions over and above those
available for their role. The accountant described above gets the same permissions as
all other accountants, nothing more and nothing less
THANKYOU