Home and building automation systems are becoming mainstream. Homeowners and building managers can now orchestrate and monitor applications and services. These systems are based on embedded systems distributed in the building and in all the controlled devices. However, embedded systems and their interconnection infrastructure, plus the ability to communicate with these systems remotely pose a serious security threat. While viruses in a PC or cellular phone can be inconvenient, a virus or Trojan horse in building functions can become a serious problem, and even prove fatal. This paper models and analyses these systems and proposes security model and measures, based on the security components from what we term as the zPnP approach [11], to make home and building automation systems safer.