Currently, we are designing a universal-applicable gateway to KNX systems. The hardware is based on an Fujitsu 16bit micro-controller with 24 MHz, 24Kbyte RAM, 384Kbyte flash memory, full USB support, 4 UARTs, 3 channels for I2C bus communication and an external bus interface. Our gateway will support EIBnet/IP (tunneling and routing) with an embedded web-server facilitating HEAD, GET and POST requests and CGI scripts. The gateway is intended as universal platform for ongoing development concerning integration of other fieldbus and multimedia bus systems to KNX, as well as gateway for remote IP services. In addition, it serves as a base for work in progress regarding the development of a set-top box for integration into the OSGi environment and plug and play networks. The paper presents the design of the hardware interfaces and interesting parts of the software implementation.

The deployment of home and building automation systems allows to increase comfort, safety and security and reduce operational cost. Today such systems typically follow a hierarchical distributed approach. While control networks interconnect smart sensors and actuators, a backbone network provides the infrastructure for management tasks. Devices interconnecting these networks have a strategic role. Especially in the home domain, the integration of various control and data networks is essential for maximum benefit. The European Installation Bus (KNX/EIB) is a popular control network designed to enhance electrical installations in buildings. It uses a proprietary twisted pair (TP) medium to interconnect devices like smart light switches and dimmers. The objective of this thesis is to design an embedded and versatile platform for ongoing development in the area of home and building automation systems with a focus on KNX/EIB TP. Besides two KNX/EIB TP interfaces, it provides RS-232, USB and Ethernet connectivity. The platform moreover has sufficient processing power and storage, enabling it to act as a “smart router” or gateway. The thesis first presents a classification of control network devices. It then discusses the hardware and software requirements for the desired platform. A detailed presentation of its design, implementation and operation with respect to hardware and software follows.

The deployment of home and building automation systems (BAS) allows to increase comfort, safety and security and to reduce operational cost. Today such systems typically follow a hierarchical distributed approach. While control networks interconnect smart sensors and actuators, a backbone network provides the infrastructure for management tasks. Devices interconnecting these networks play a strategic role. Especially in the home domain, the integration of various control and data networks is essential for maximum benefit.

The deployment of building automation systems (BAS) allows to increase comfort, safety and security and reduce operational cost at the same time. Today such systems typically follow a twolayered hierarchical approach. While control networks interconnect distributed sensors, actuators and controllers, a backbone provides the necessary infrastructure for management tasks hosted by configuration and management devices. In addition, devices interconnecting the control network with the backbone on the one hand and the backbone with further networks (e.g., the Internet) on the other hand play a strategic role. According to their particular functionality and the resulting demands on the necessary hardware and software support, BAS devices can be categorized in three distinct device classes. Based upon this classification the paper presents a generic hardware and software framework whose flexible design fits all these classes. Devices for a particular purpose (i.e., class) can be derived from the universally applicable, generic framework, easing development. This process is demonstrated for a multi-purpose hardware platform applicable to multiple device classes. Moreover, three case studies for this platform are presented which illustrate how software applications from all classes make use of this universally applicable platform.

Many applications such as distributed measurements or real-time networks benefit from a common notion of time. Protocols providing high precision and simple clock synchronization are necessary to achieve such a common time base. However, most of the available protocols are lacking with regard to fault tolerance and performance in case of a fault. The project IMAGINE (Introduction of Master Group Based Industrial Ethernet) overcomes these limitations by introducing a fault-tolerant IEEE 1588 master group. A proof of concept for a largeor even medium- scale network is, however, very difficult to obtain under laboratory conditions. Therefore, a simulation framework has been developed, which is presented in this paper.

Improved technology and economically feasible costs allow a widespread deployment of embedded systems in various application domains - ranging from integration into cars, industrial automation up to building automation. A sophisticated security architecture considering the challenging constraints on these systems and providing secure communication, secure software as well as physical security is needed. This paper presents an approach to allow untrusted, possible (intentional) malicious software to be executed securely on a low end embedded system. A proof of concept and an evaluation for a building automation system is given.

Building Automation Systems (BAS) aim at improving control and management of mechanical and electrical systems in buildings. It is the task of Sensors, Actuators and Controllers (SACs) to interact with the physical environment and perform measurement and control tasks. In building automation networks they, typically, consist of a network interface and a microcontroller (MCU) where an application specific hardware is attached. In a similar way, the software may be split into a system software part providing basic functionality and a (customizable) user application (UA) dealing with the attached hardware. Within KNX this concept is well known, as customized application modules are connected via the physical external interface to standardized bus attachment units. However, KNX UA development traditionally required profound hardware knowledge. This paper presents an approach to leverage user application development. With limited hardware resources of SACs in mind, an embedded virtual machine provides a lean environment for Java based user applications. Interfacing to KNX and the specific hardware is done by a well-defined Java user application programming interface. In addition, a management interface allows to download and configure UAs inside the virtual machine. The programming concept, configuration and management issues as well as the workflow are described in detail. As proof of concept for SACs supporting our approach two hardware platforms have been chosen: a stripboard equipped with an ATMega168 MCU and KNX connection via the Freebus project, and KNXcalibur, a Fujitsu MCU based board connected to KNX via TP-UART. The contribution is rounded up by a first performance analysis.

Building Automation Systems (BAS) lack a common application model. Thus, the development of control applications (CAs) is not a very straightforward task and requires profound expertise. When in addition security has to be considered, inexperienced developers are overwhelmed by the manifold demands and constraints. This paper presents an approach to ease the CA development and at the same time to provide security for their execution. The main idea is to base the application model on a generic ontology and to provide a sandbox for the execution environment. The programming concept, configuration and management issues as well as the workflow are described in detail. Finally, a proof of concept for BACnet and KNX is given.

When security-critical applications are considered to be integrated into the building automation domain, two requirements need to be fulfilled: providing security features at the network level and support for security mechanisms at the application level. This paper tackles the second goal using domain knowledge based on existing and related international application level standards. After the demands for secure applications and an underlying security policy are stated, a system model is derived that allows specifying security attributes for data points, function blocks, embedded applications, and, finally, distributed control applications. In conclusion, the applicability of the model is demonstrated for selected use cases.