Physical Access Control Administration Using Building Information Models

  • Nimalaprakasan Skandhakumar
  • Farzad Salim
  • Jason Reid
  • Ed Dawson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7672)


Physical access control systems play a central role in the protection of critical infrastructures, where both the provision of timely access and preserving the security of sensitive areas are paramount. In this paper we discuss the shortcomings of existing approaches to the administration of physical access control in complex environments. At the heart of the problem is the current dependency on human administrators to reason about the implications of the provision or the revocation of staff access to an area within these facilities. We demonstrate how utilising Building Information Models (BIMs) and the capabilities they provide, including 3D representation of a facility and path-finding, may reduce the incidents of errors made by security administrators.


Access Control Building Information Model Policy Rule Access Control Policy Access Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    ASHRAE SSPC 135: BACnet - a data communication protocol for building automation and control networks (2012),
  2. 2.
    Balfanz, D., Durfee, G., Grinter, R.E., Smetters, D.K.: In search of usable security: Five lessons from the field. IEEE Security and Privacy 2(5), 19–24 (2004)CrossRefGoogle Scholar
  3. 3.
    Baty, J.: The rise of BIM. Concrete Contractor 12(1), 34–37 (2012)Google Scholar
  4. 4.
    Bauer, L., Cranor, L.F., Reeder, R.W., Reiter, M.K., Vaniea, K.: Real life challenges in access-control management. In: Proceedings of the 27th International Conference on Human Factors in Computing Systems, CHI 2009, pp. 899–908. ACM, New York (2009)CrossRefGoogle Scholar
  5. 5.
    Beal, B.: IT security: the product vendor landscape. Network Security 2005(5), 9–10 (2005)Google Scholar
  6. 6.
    Botta, D., Werlinger, R., Gagné, A., Beznosov, K., Iverson, L., Fels, S., Fisher, B.: Towards understanding it security professionals and their tools. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, SOUPS 2007, pp. 100–111. ACM, New York (2007)CrossRefGoogle Scholar
  7. 7.
    Brostoff, S., Sasse, M.A., Chadwick, D., Cunningham, J., Mbanaso, U., Otenko, S.: ‘R-What?’ Development of a role-based access control policy-writing tool for e-Scientists: Research Articles. Software: Practice and Experience 35(9), 835–856 (2005)CrossRefGoogle Scholar
  8. 8.
    Eastman, C., Min Lee, J., Suk Jeong, Y., Kook Lee, J.: Automatic rule-based checking of building designs. Automation in Construction 18(8), 1011–1033 (2009)CrossRefGoogle Scholar
  9. 9.
    Fernandez, E.B., Ballesteros, J., Desouza-Doucet, A.C., Larrondo-Petrie, M.M.: Security Patterns for Physical Access Control Systems. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 259–274. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Fitzgerald, W.M., Turkmen, F., Foley, S.N., O’Sulliva, B.: Anomaly analysis for physical access control security configuration. In: Proceedings of the 7th International Conference on Risks and Security of Internet and Systems (2012)Google Scholar
  11. 11.
    Flechais, I., Mascolo, C., Sasse, M.A.: Integrating security and usability into the requirements and design process. International Journal of Electronic Security and Digital Forensics 1(1), 12–26 (2007)CrossRefGoogle Scholar
  12. 12.
    Fortem Inc.: Omnipresence 3D Central Command (2012),
  13. 13.
  14. 14.
    Garfinkel, S.L.: Design principles and patterns for computer systems that are simultaneously secure and usable. PhD thesis (2005)Google Scholar
  15. 15.
    Gröger, G., Kolbe, T.H., Nagel, C., Häfele, K.H.: OGC City Geography Markup Language (CityGML) Encoding Standard. Technical Report OGC 12-019, Open Geospatial Consortium Inc. (2012)Google Scholar
  16. 16.
    Inglesant, P., Sasse, M.A., Chadwick, D., Shi, L.L.: Expressions of expertness: the virtuous circle of natural language for access control policy specification. In: Proceedings of the 4th Symposium on Usable Privacy and Security, SOUPS 2008, pp. 77–88. ACM, New York (2008)CrossRefGoogle Scholar
  17. 17.
    Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. Computer 43(6), 79–81 (2010)CrossRefGoogle Scholar
  18. 18.
    Liebich, T., Adachi, Y., Forester, J., Hyvarinen, J., Karstila, K., Reed, K., Richter, S., Wix, J.: Buildingsmart: Industry Foundation Classes, IFC2x Edition 4 Release Candidate 2 (August 2010),
  19. 19.
    Mandloi, D., Thill, J.C.: Object-oriented data modeling of an indoor/outdoor urban transportation network and route planning analysis. In: Jiang, B., Yao, X. (eds.) Geospatial Analysis and Modelling of Urban Structure and Dynamics. GeoJournal Library, vol. 99, pp. 197–220. Springer, Netherlands (2010)CrossRefGoogle Scholar
  20. 20.
    Maxion, R.A., Reeder, R.W.: Improving user-interface dependability through mitigation of human error. International Journal of Human-Computer Studies 63(1-2), 25–50 (2005)CrossRefGoogle Scholar
  21. 21.
    Minnick, D., Ireland, R.: Inside the new organization: a blueprint for surviving restructuring, downsizing, acquisitions and outsourcing. Journal of Business Strategy 26(1), 18–25 (2005)CrossRefGoogle Scholar
  22. 22.
    Moses, T.: Extensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard. Technical report, OASIS Open (February 2005)Google Scholar
  23. 23.
    Patrick, A.S., Long, A.C., Flinn, S.: HCI and security systems. In: CHI 2003 Extended Abstracts on Human Factors in Computing Systems, CHI EA 2003, pp. 1056–1057. ACM, New York (2003)CrossRefGoogle Scholar
  24. 24.
    Reason, J.: Human error: models and management. BMJ 320(7237), 768–770 (2000)CrossRefGoogle Scholar
  25. 25.
    Rueppel, U., Stuebbe, K.M.: BIM-based indoor-emergency-navigation-system for complex buildings. Tsinghua Science & Technology 13(1), 362–367 (2008)CrossRefGoogle Scholar
  26. 26.
    Shuchi, S., Drogemuller, R., Kleinschmidt, T.: Flexible airport terminal design: towards a framework. In: Tang, L.C., Watson, G.H. (eds.) Proceedings of the IIE Asian Conference 2012, Singapore. Department of Industrial & Systems Engineering, NUS, pp. 348–356 (June 2012)Google Scholar
  27. 27.
    Siemens Building Technologies Group: SiPass Integrated (2012),
  28. 28.
    Skandhakumar, N., Reid, J., Dawson, E., Drogemuller, R., Salim, F.: An authorization framework using building information models. The Computer Journal 55(10), 1244–1264 (2012)CrossRefGoogle Scholar
  29. 29.
    Succar, B.: Building information modelling framework: A research and delivery foundation for industry stakeholders. Automation in Construction 18(3), 357–375 (2009)CrossRefGoogle Scholar
  30. 30.
    Tavanti, M., Lind, M.: 2D vs 3D, implications on spatial memory. In: Proceedings of the 2001 IEEE Symposium on Information Visualization, INFOVIS 2001, pp. 139–145. IEEE Computer Society, Washington, DC (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Nimalaprakasan Skandhakumar
    • 1
  • Farzad Salim
    • 1
  • Jason Reid
    • 1
  • Ed Dawson
    • 1
  1. 1.Queensland University of TechnologyAustralia

Personalised recommendations