Design and Implementation of a Secure Web Platform for a Building Energy Management Open Source Software
Commercial buildings consume more than 40% of the total energy consumption in the United States. Almost 90% of these buildings are small- and medium-sized buildings that do not have a Building Energy Management (BEM) system. The reasons behind this are – lack of awareness, unavailability of inexpensive packaged solutions, and disincentive to invest in a BEM system if the tenant is not the owner.
Several open source tools and technologies have emerged recently that can be used for building automation and energy management. However, none of these systems is turnkey and deployment ready. They also lack consistent and intuitive navigation, security, and performance required for a BEM system.
The overall project - of which this thesis research is a part - addresses the design and implementation of an open source secure web based user platform to monitor, schedule, control, and perform functions needed for a BEM system serving small and medium-size buildings. The focus of this work are: principles of intuitive graphical user interface design, abstracting device functions into a comprehensive data model, identifying threats and vulnerabilities, and implementing a security framework for the web platform.
Monitor and control solutions for devices such as load controllers and sensors are abstracted and their decentralized control strategies are proposed and implemented using an open source robust scalable user platform accessible locally and remotely. The user platform is open-source, scalable, provides role-based access, dynamic, and modular in design. The comprehensive data model includes a user management model, device model, session model, and a scheduling model. The data model is designed to be flexible, robust and can be extended for any new device type. Security risks are analyzed using a threat model to identify security goals. The proposed security framework includes user authentication, device approval, role-based access, secure information exchange protocols, and web platform security. Performance of the user interface platform is evaluated for responsiveness in different screen sizes, page response times, throughput, and the performance of client side entities.