Smart buildings are improving the convenience and sophistication of building management functions by using digital control networks to centralize and automate operations. Such Building Automation Systems (BASs) also introduce risks for security and privacy.  To control these risks, most BAS functions are restricted to administrators.  However, there are significant benefits to be gained by making some of the information and functions from the BAS available to building users.  This increases risk, especially if the BAS allows access from wireless or enterprise networks or the Internet. This project explores the design and implementation of middleware to securely enable such open BAS services.  The primary approach is based on a multi-tier architecture that protects the assets of principals that are not using the services even in circumstances where the application server is compromised.  Areas of research interest include perimeter security architectures, intrusion detection techniques, reducing insider threats, and preserving privacy.  The project includes investigations into new services for the Siebel Center.