Due to the fact that every smart building is a unique composition of devices, services, and users there is no one-fits-all security architecture. With our proposal we address this problem by using Building Information Modeling (BIM) as source of information for our security concept. Using BIM, models are created throughout the planning of a building, which do not consist only of 3D information such as typical CAD drawings, but also provide a rich set of metadata about the building elements including devices, their interrelationships and networking. Thus, BIM can be used to derive security configurations for each individual embedded device, its services and the network as a whole. We demonstrate the function of a general Security Controller to partition the network on MAC layer. Furthermore, we draw an overall picture of the proposed architecture and the range of possible applications.