{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,11]],"date-time":"2026-05-11T10:58:53Z","timestamp":1778497133337,"version":"3.51.4"},"reference-count":81,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,6,1]],"date-time":"2021-06-01T00:00:00Z","timestamp":1622505600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,6,1]],"date-time":"2021-06-01T00:00:00Z","timestamp":1622505600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100015898","name":"Systems Engineering Research Center","doi-asserted-by":"crossref","award":["HQ0034-13-D-0004"],"award-info":[{"award-number":["HQ0034-13-D-0004"]}],"id":[{"id":"10.13039\/100015898","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Softw Syst Model"],"published-print":{"date-parts":[[2022,2]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Cyber-physical systems are complex systems that require the integration of diverse software, firmware, and hardware to be practical and useful. This increased complexity is impacting the management of models necessary for designing cyber-physical systems that are able to take into account a number of \u201c-ilities\u201d, such that they are safe and secure and ultimately resilient to disruption of service. We propose an ontological metamodel for system design that augments an already existing industry metamodel to capture the relationships between various model elements (requirements, interfaces, physical, and functional) and safety, security, and resilient considerations. Employing this metamodel leads to more cohesive and structured modeling efforts with an overall increase in scalability, usability, and unification of already existing models. In turn, this leads to a mission-oriented perspective in designing security defenses and resilience mechanisms to combat undesirable behaviors. We illustrate this metamodel in an open-source GraphQL implementation, which can interface with a number of modeling languages. We support our proposed metamodel with a detailed demonstration using an oil and gas pipeline model.\n<\/jats:p>","DOI":"10.1007\/s10270-021-00892-z","type":"journal-article","created":{"date-parts":[[2021,6,1]],"date-time":"2021-06-01T08:04:16Z","timestamp":1622534656000},"page":"113-137","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":36,"title":["An ontological metamodel for cyber-physical system safety, security, and resilience coengineering"],"prefix":"10.1007","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4992-0193","authenticated-orcid":false,"given":"Georgios","family":"Bakirtzis","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tim","family":"Sherburne","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stephen","family":"Adams","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Barry M.","family":"Horowitz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peter A.","family":"Beling","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cody H.","family":"Fleming","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,6,1]]},"reference":[{"key":"892_CR1","unstructured":"AIR6913. Using STPA during development and safety assessment of civil aircraft. Standard, SAE, (2018)"},{"key":"892_CR2","doi-asserted-by":"publisher","unstructured":"Allg\u00f6wer, F., de Sousa, J.B., Kapinski, J., Mosterman, P., Oehlerking, J., Panciatici, P., Prandini, M., Rajhans, A., Tabuada, P., Wenzelburger, P.: Position paper on the challenges posed by modern applications to cyber-physical systems theory. Nonlinear Analysis: Hybrid Syst. (2019). https:\/\/doi.org\/10.1016\/j.nahs.2019.05.007","DOI":"10.1016\/j.nahs.2019.05.007"},{"key":"892_CR3","unstructured":"AS5506C. Architecture analysis and design language. Standard, SAE, (2017)"},{"key":"892_CR4","doi-asserted-by":"crossref","unstructured":"Ross Ashby, W: General systems theory as a new discipline. In Facets of systems science, pages 249\u2013257. Springer, (1991)","DOI":"10.1007\/978-1-4899-0718-9_16"},{"key":"892_CR5","doi-asserted-by":"publisher","unstructured":"Atkinson, C., K\u00fchne, T.: Profiles in a strict metamodeling framework. Sci. Comput. Program. (2002). https:\/\/doi.org\/10.1016\/S0167-6423(02)00029-1","DOI":"10.1016\/S0167-6423(02)00029-1"},{"key":"892_CR6","doi-asserted-by":"publisher","unstructured":"Atkinson, C., Gerbig, R., K\u00fchne, T.: A unifying approach to connections for multi-level modeling. In Proceedings of the 2015 ACM\/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS). IEEE, (2015). https:\/\/doi.org\/10.1109\/MODELS.2015.7338252","DOI":"10.1109\/MODELS.2015.7338252"},{"key":"892_CR7","unstructured":"Bakirtzis, G., Carter, B.\u00a0T., Fleming, C.\u00a0H., Elks, C.\u00a0R.: MISSION AWARE: Evidence-based, mission-centric cybersecurity analysis. arXiv:1712.01448 [cs.CR], (2017)"},{"key":"892_CR8","doi-asserted-by":"publisher","unstructured":"Bakirtzis, G., Simon, B.J., Collins, A.G., Fleming, C.H., Elks, C.R.: Data-driven vulnerability exploration for design phase system analysis. IEEE Systems Journal (2019). https:\/\/doi.org\/10.1109\/JSYST.2019.2940145","DOI":"10.1109\/JSYST.2019.2940145"},{"key":"892_CR9","doi-asserted-by":"crossref","unstructured":"Bakirtzis, G., Ward, G.\u00a0L., Deloglos, C.\u00a0J., Elks, C.\u00a0R., Horowitz, B.\u00a0M., Fleming, C.\u00a0H.: Fundamental challenges of cyber-physical systems security modeling. In Proceedings of the 50th IFIP\/IEEE International Conference on Dependable Systems and Networks (DSN). IEEE, (2020)","DOI":"10.1109\/DSN-S50200.2020.00021"},{"key":"892_CR10","doi-asserted-by":"publisher","unstructured":"Berg, H., M\u00f8ller-Pedersen, B.: Type-safe symmetric composition of metamodels using templates. In Proceedings from the International Workshop on System Analysis and Modeling. Springer, (2012). https:\/\/doi.org\/10.1007\/978-3-642-36757-1_10","DOI":"10.1007\/978-3-642-36757-1_10"},{"key":"892_CR11","doi-asserted-by":"publisher","unstructured":"Berg, H., M\u00f8ller-Pedersen, B.: Specialisation of metamodels using metamodel types. In Revised Selected Papers from the Second International Conference on Model-Driven Engineering and Software Development (MODELSWARD 2014), Communications in Computer and Information Science. Springer, (2014). https:\/\/doi.org\/10.1007\/978-3-319-25156-1_6","DOI":"10.1007\/978-3-319-25156-1_6"},{"key":"892_CR12","doi-asserted-by":"publisher","unstructured":"Berg, H., M\u00f8ller-Pedersen, B.: Metamodel and model composition by integration of operational semantics. In Proceedings of the International Conference on Model-Driven Engineering and Software Development. Springer, (2015). https:\/\/doi.org\/10.1007\/978-3-319-27869-8_10","DOI":"10.1007\/978-3-319-27869-8_10"},{"key":"892_CR13","doi-asserted-by":"publisher","unstructured":"Broy, M., Feilkas, M., Herrmannsdoerfer, M., Merenda, S., Ratiu, D.: Seamless model-based development: From isolated tools to integrated model engineering environments. Proceedings of the IEEE (2010). https:\/\/doi.org\/10.1109\/JPROC.2009.2037771","DOI":"10.1109\/JPROC.2009.2037771"},{"key":"892_CR14","doi-asserted-by":"publisher","unstructured":"Bruel, J.-M., Combemale, B., Guerra, E., J\u00e9z\u00e9quel, J.-M., Kienzle, J., de Lara, J., Mussbacher, G., Syriani, E., Vangheluwe, H.: Comparing and classifying model transformation reuse approaches across metamodels. Software and Systems Modeling (2020). https:\/\/doi.org\/10.1007\/s10270-019-00762-9","DOI":"10.1007\/s10270-019-00762-9"},{"key":"892_CR15","unstructured":"CAPEC. Common attack pattern enumeration and classification. URL https:\/\/capec.mitre.org\/, (2020)"},{"key":"892_CR16","doi-asserted-by":"publisher","unstructured":"Carter, B., Adams, S., Bakirtzis, G., Sherburne, T., Beling, P., Horowitz, B.M., Fleming, C.H.: A preliminary design-phase security methodology for cyber-physical systems. Systems (2019). https:\/\/doi.org\/10.3390\/systems7020021","DOI":"10.3390\/systems7020021"},{"key":"892_CR17","doi-asserted-by":"publisher","unstructured":"Carter, B.\u00a0T., Bakirtzis, G., Elks, C.\u00a0R., Fleming, C.\u00a0H.: A systems approach for eliciting mission-centric security requirements. In Proceedings of the 2018 Annual IEEE International Systems Conference (SysCon). IEEE, (2018). https:\/\/doi.org\/10.1109\/SYSCON.2018.8369539","DOI":"10.1109\/SYSCON.2018.8369539"},{"issue":"5","key":"892_CR18","first-page":"647","volume":"51","author":"Peter Checkland","year":"2000","unstructured":"Checkland, Peter: Systems thinking, systems practice: includes a 30-year retrospective. J. Operat. Res Soc 51(5), 647 (2000)","journal-title":"J. Operat. Res Soc"},{"key":"892_CR19","doi-asserted-by":"publisher","unstructured":"Cho, H., Gray, J.: Design patterns for metamodels. In Proceedings of the Conference on Systems, Programming, and Applications: Software for Humanity (SPLASH 2011). ACM, (2011). https:\/\/doi.org\/10.1145\/2095050.2095056","DOI":"10.1145\/2095050.2095056"},{"key":"892_CR20","unstructured":"Combemale, B., Cr\u00e9gut, X., Pantel, M.: A design pattern for executable DSML. Technical report, INRIA (2010)"},{"key":"892_CR21","doi-asserted-by":"crossref","unstructured":"Cotsaftis, Michel: What makes a system complex?-an approach to self organization and emergence. In From System Complexity to Emergent Properties, pages 49\u201399. Springer, (2009)","DOI":"10.1007\/978-3-642-02199-2_3"},{"key":"892_CR22","doi-asserted-by":"publisher","unstructured":"de Lara, J., Guerra, E., Cuadrado, J.S.: When and how to use multilevel modelling. ACM Transac. Software Eng. Methodol. (2014). https:\/\/doi.org\/10.1145\/2685615","DOI":"10.1145\/2685615"},{"key":"892_CR23","doi-asserted-by":"crossref","unstructured":"De\u00a0Weck, Olivier\u00a0L, Roos, Daniel, Magee, Christopher\u00a0L: Engineering systems: meeting human needs in a complex technological world. Mit Press, (2011)","DOI":"10.7551\/mitpress\/8799.001.0001"},{"key":"892_CR24","unstructured":"DO-331. Model-based development and verification supplement to DO-178C and DO-278A. Standard, RTCA, (2011)"},{"key":"892_CR25","unstructured":"DO-333. Formal methods supplement to DO-178C and DO-278A. Standard, RTCA, (2011)"},{"key":"892_CR26","unstructured":"DO-356. Airworthiness security methods and considerations. Standard, RTCA, (2018)"},{"key":"892_CR27","doi-asserted-by":"publisher","unstructured":"Douglass, Bruce\u00a0Powel: Chapter 1 - what is model-based systems engineering? In Bruce\u00a0Powel Douglass, editor, Agile Systems Engineering, pages 1\u201339. Morgan Kaufmann, Boston, (2016). ISBN 978-0-12-802120-0. https:\/\/doi.org\/10.1016\/B978-0-12-802120-0.00001-1. URL https:\/\/www.sciencedirect.com\/science\/article\/pii\/B9780128021200000011","DOI":"10.1016\/B978-0-12-802120-0.00001-1"},{"key":"892_CR28","doi-asserted-by":"publisher","unstructured":"Dragomir, I., Ober, I., Percebois, C.: Contract-based modeling and verification of timed safety requirements within SysML. Software Syst. Model. (2017). https:\/\/doi.org\/10.1007\/s10270-015-0481-1","DOI":"10.1007\/s10270-015-0481-1"},{"key":"892_CR29","unstructured":"Flood, Robert\u00a0L, Carson, Ewart\u00a0R: Dealing with complexity: an introduction to the theory and application of systems science. Springer Sci. Business Media, (2013)"},{"key":"892_CR30","doi-asserted-by":"publisher","unstructured":"Fondement, F., Muller, P.-A., Thiry, L., Wittmann, B., Forestier, G.: Big metamodels are evil. In Proceedings of the International Conference on Model Driven Engineering Languages and Systems. Springer, (2013). https:\/\/doi.org\/10.1007\/978-3-642-41533-3_9","DOI":"10.1007\/978-3-642-41533-3_9"},{"key":"892_CR31","doi-asserted-by":"publisher","unstructured":"Golra, F.\u00a0R., Dagnat, F., Souqui\u00e8res, J., Sayar, I., Guerin, S.: Bridging the gap between informal requirements and formal specifications using model federation. In Proceedings of the International Conference on Software Engineering and Formal Methods. Springer, (2018). https:\/\/doi.org\/10.1007\/978-3-319-92970-5_4","DOI":"10.1007\/978-3-319-92970-5_4"},{"key":"892_CR32","doi-asserted-by":"publisher","unstructured":"G\u00f3mez, A., Mendialdua, X., Barmpis, K., Bergmann, G., Cabot, J., de Carlos, X., Debreceni, C., Garmendia, A., Kolovos, D.S., de Lara, J.: Scalable modeling technologies in the wild: an experience report on wind turbines control applications development. Software Syst. Model. (2020). https:\/\/doi.org\/10.1007\/s10270-020-00776-8","DOI":"10.1007\/s10270-020-00776-8"},{"key":"892_CR33","unstructured":"GraphQL Foundation. GraphQL specification, (2020). URL https:\/\/spec.graphql.org"},{"key":"892_CR34","unstructured":"Object\u00a0Management Group. SysMLv2 RFP, (2017). URL https:\/\/www.omg.org\/cgi-bin\/doc.cgi?ad\/2017-12-2"},{"key":"892_CR35","unstructured":"Object\u00a0Management Group. SysML specification, (2019). URL https:\/\/www.omg.org\/spec\/SysML"},{"key":"892_CR36","unstructured":"Hernan, S., Lambert, S., Ostwald, T., Shostack, A.: Uncover security design flaws using the STRIDE approach. MSDN Magazine, (2006). https:\/\/docs.microsoft.com\/en-us\/archive\/msdn-magazine\/2006\/november\/uncover-security-design-flaws-using-the-stride-approach"},{"key":"892_CR37","doi-asserted-by":"publisher","unstructured":"Horowitz, B.M.: Cyberattack-resilient cyberphysical systems. IEEE Security & Privacy (2020). https:\/\/doi.org\/10.1109\/MSEC.2019.2947123","DOI":"10.1109\/MSEC.2019.2947123"},{"key":"892_CR38","doi-asserted-by":"publisher","unstructured":"Hosseini, S., Barker, K., Ramirez-Marquez, J.E.: A review of definitions and measures of system resilience. Reliab. Eng. Syst. Safety (2016). https:\/\/doi.org\/10.1016\/j.ress.2015.08.006","DOI":"10.1016\/j.ress.2015.08.006"},{"key":"892_CR39","unstructured":"IEEE 1547. Standard for interconnecting distributed resources with electric power systems. Standard, IEEE, (2003)"},{"key":"892_CR40","unstructured":"INCOSE international council on systems engineering. A World In Motion: Systems Engineering Vision 2025, (2014). https:\/\/www.incose.org\/products-and-publications\/se-vision-2025"},{"key":"892_CR41","unstructured":"ISO\/PAS 21448. Road vehicles \u2013 Safety of the intended functionality. Standard, SOTIF, (2019)"},{"key":"892_CR42","doi-asserted-by":"publisher","unstructured":"Jones, R.A., Horowitz, B.: A system-aware cyber security architecture. Systems Engineering (2012). https:\/\/doi.org\/10.1002\/sys.21206","DOI":"10.1002\/sys.21206"},{"key":"892_CR43","doi-asserted-by":"publisher","unstructured":"Jones, R.A., Luckett, B.A., Beling, P.A., Horowitz, B.M.: Architectural scoring framework for the creation and evaluation of system-aware cyber security solutions. Environ. Syst. Decis. (2013). https:\/\/doi.org\/10.1007\/s10669-013-9462-5","DOI":"10.1007\/s10669-013-9462-5"},{"key":"892_CR44","doi-asserted-by":"publisher","unstructured":"Kalnins, A., Barzdins, J.: Metamodel specialization for graphical language support. Software and Systems Modeling (2019). https:\/\/doi.org\/10.1007\/s10270-018-0668-3","DOI":"10.1007\/s10270-018-0668-3"},{"key":"892_CR45","unstructured":"Karagiannis, D., H\u00f6fferer, P.: Metamodels in action: An overview. In Proceedings of the First International Conference on Software and Data Technologies (ICSOFT 2006). INSTICC Press, (2006)"},{"key":"892_CR46","doi-asserted-by":"publisher","unstructured":"Kinsner, W.: System complexity and its measures: How complex is complex. In Advances in cognitive informatics and cognitive computing. Springer, (2010). https:\/\/doi.org\/10.1007\/978-3-642-16083-7_14","DOI":"10.1007\/978-3-642-16083-7_14"},{"key":"892_CR47","doi-asserted-by":"publisher","unstructured":"Lee, E.A.: Fundamental limits of cyber-physical systems modeling. ACM Transac. on Cyber-Phys. Syst. (2016). https:\/\/doi.org\/10.1145\/2912149","DOI":"10.1145\/2912149"},{"key":"892_CR48","doi-asserted-by":"publisher","unstructured":"Leibrandt, R.: What is the INCOSE guide to the systems engineering body of knowledge (SEBoK)? In Proceedings of the INCOSE International Symposium (INCOSE 2001). Wiley, (2001). https:\/\/doi.org\/10.1002\/j.2334-5837.2001.tb02378.x","DOI":"10.1002\/j.2334-5837.2001.tb02378.x"},{"key":"892_CR49","doi-asserted-by":"crossref","unstructured":"Leveson, N.: Engineering a safer world: systems thinking applied to safety. MIT press, (2011)","DOI":"10.7551\/mitpress\/8179.001.0001"},{"key":"892_CR50","unstructured":"Leveson, N.\u00a0G., Thomas, J.\u00a0P.: STPA handbook, (2018). https:\/\/psas.scripts.mit.edu\/home\/get_file.php?name=STPA_handbook.pdf"},{"key":"892_CR51","doi-asserted-by":"publisher","unstructured":"L\u00facio, L., Amrani, M., Dingel, J., Lambers, L., Salay, R., Selim, G.M.K., Syriani, E., Wimmer, M.: Model transformation intents and their properties. Software and Systems Modeling (2016). https:\/\/doi.org\/10.1007\/s10270-014-0429-x","DOI":"10.1007\/s10270-014-0429-x"},{"key":"892_CR52","unstructured":"McDermott, T., Fleming, C.H., Clifford, M., Sherburne, T.: Methods to evaluate cost\/technical risk and opportunity decisions for security assurance in design. Technical report, SERC (2021)"},{"key":"892_CR53","unstructured":"Mesarovic, Mihajlo\u00a0D, Takahara, Yasuhiko: General systems theory: mathematical foundations. Academic press, (1975)"},{"key":"892_CR54","doi-asserted-by":"publisher","unstructured":"Mian, Z., Bottaci, L., Papadopoulos, Y., Sharvia, S., Mahmud, N.: Model transformation for multi-objective architecture optimisation of dependable systems. In Dependability problems of complex information systems. Springer, (2015). https:\/\/doi.org\/10.1007\/978-3-319-08964-5_6","DOI":"10.1007\/978-3-319-08964-5_6"},{"key":"892_CR55","doi-asserted-by":"publisher","unstructured":"Mitra, S., Wongpiromsarn, T., Murray, R.M.: Verifying cyber-physical interactions in safety-critical systems. IEEE Secur. Privacy (2013). https:\/\/doi.org\/10.1109\/MSP.2013.77","DOI":"10.1109\/MSP.2013.77"},{"key":"892_CR56","unstructured":"MOF. Meta object facility core specification. Specification, OMG, (2019). https:\/\/www.omg.org\/spec\/MOF;jsessionid=B409E18524A8399901F9B13503715740"},{"key":"892_CR57","doi-asserted-by":"publisher","unstructured":"Morozov, D., Lezoche, M., Panetto, H.: Multi-paradigm modelling of cyber-physical systems. IFAC-PapersOnLine (2018). https:\/\/doi.org\/10.1016\/j.ifacol.2018.08.334","DOI":"10.1016\/j.ifacol.2018.08.334"},{"key":"892_CR58","doi-asserted-by":"crossref","unstructured":"Myers, B.A.: Taxonomies of visual programming and program visualization. J. Visual Lang. Comput. (1990)","DOI":"10.1016\/S1045-926X(05)80036-9"},{"key":"892_CR59","doi-asserted-by":"publisher","unstructured":"Obrst, L.: Ontologies for semantically interoperable systems. In Proceedings of the 12th International Conference on Information and Knowledge Management, (2003). https:\/\/doi.org\/10.1145\/956863.956932","DOI":"10.1145\/956863.956932"},{"key":"892_CR60","doi-asserted-by":"crossref","unstructured":"Onggo, S.: Methods for conceptual model representation. CRC Press, In Conceptual modeling for discrete-event simulation (2010)","DOI":"10.1201\/9781439810385-c13"},{"key":"892_CR61","doi-asserted-by":"publisher","unstructured":"Paige, R.F., Zolotas, A., Kolovos, D.: The changing face of model-driven engineering. Present and Ulterior Software Engineering. Springer (2017). https:\/\/doi.org\/10.1007\/978-3-319-67425-4_7","DOI":"10.1007\/978-3-319-67425-4_7"},{"key":"892_CR62","doi-asserted-by":"publisher","unstructured":"Penzenstadler, B., Raturi, A., Richardson, D., Tomlinson, B.: Safety, security, now sustainability: The nonfunctional requirement for the 21st century. IEEE Software (2014). https:\/\/doi.org\/10.1109\/MS.2014.22","DOI":"10.1109\/MS.2014.22"},{"key":"892_CR63","doi-asserted-by":"crossref","unstructured":"Perrow, Charles: Normal accidents: Living with high risk technologies-Updated edition. Princeton University Press (2011)","DOI":"10.2307\/j.ctt7srgf"},{"key":"892_CR64","unstructured":"Poole, J.\u00a0D.: Model-driven architecture: Vision, standards and emerging technologies. In Proceedings of the Workshop on Metamodeling and Adaptive Object Models (ECOOP 2001), (2001)"},{"key":"892_CR65","doi-asserted-by":"publisher","unstructured":"Rieger, C.\u00a0G., Gertman, D.\u00a0I., McQueen, M.\u00a0A.: Resilient control systems: Next generation design research. In Proceedings of the 2009 2nd Conference on Human System Interactions. IEEE, (2009). https:\/\/doi.org\/10.1109\/HSI.2009.5091051","DOI":"10.1109\/HSI.2009.5091051"},{"key":"892_CR66","unstructured":"SAE J3187. Applying system theoretic process analysis (STPA) to automotive applications. Standard, SAE, (2018)"},{"key":"892_CR67","unstructured":"Scott, Z., Long, D.: One model, many interests, many views. Technical report, Vitech Corporation, (2018). http:\/\/www.vitechcorp.com\/resources\/white_papers\/onemodel.pdf"},{"key":"892_CR68","doi-asserted-by":"crossref","unstructured":"Sheard, Sarah\u00a0A, Mostashari, Ali: Principles of complex systems for systems engineering. Syst. Eng., 12(4):295\u2013311, (2009)","DOI":"10.1002\/sys.20124"},{"key":"892_CR69","doi-asserted-by":"publisher","unstructured":"Son, H.\u00a0S., Kim, W.\u00a0Y., Robert, Y., Kim, C., Min, H.-G.: Metamodel design for model transformation from Simulink to ECML in cyber physical systems. In Computer Applications for Graphics, Grid Computing, and Industrial Environment. Springer, (2012) https:\/\/doi.org\/10.1007\/978-3-642-35600-1_8","DOI":"10.1007\/978-3-642-35600-1_8"},{"key":"892_CR70","unstructured":"United States department of defense. Digital engineering strategy. Technical report, (2018)"},{"key":"892_CR71","unstructured":"University of Virginia. CPS metamodel. Software, (2020). https:\/\/doi.org\/10.5281\/zenodo.3752888"},{"key":"892_CR72","unstructured":"University of Virginia and Stevens Institute of Technology. Web-view: Oil and gas pipeline CPS case study using Vitech GENESYS. Software, (2020). https:\/\/doi.org\/10.5281\/zenodo.3753172"},{"key":"892_CR73","doi-asserted-by":"crossref","unstructured":"Vangheluwe, H.: Multi-paradigm modelling of cyber-physical systems. In Proceedings of the 7th International Conference on Model-Driven Engineering and Software Development (MODELSWARD 2019). SciTePress, (2019)","DOI":"10.1145\/3196478.3196479"},{"key":"892_CR74","doi-asserted-by":"publisher","unstructured":"Voas, J.: Software\u2019s secret sauce: the \u201c-ilities\u201d [software quality]. IEEE Software (2004). https:\/\/doi.org\/10.1109\/MS.2004.54","DOI":"10.1109\/MS.2004.54"},{"key":"892_CR75","doi-asserted-by":"publisher","unstructured":"Walker, M., Reiser, M.-O., Tucci-Piergiovanni, S., Papadopoulos, Y., L\u00f6nn, H., Mraidha, C., Parker, D., Chen, D., Servat, D.: Automatic optimisation of system architectures using EAST-ADL. J. Syst. Software (2013). https:\/\/doi.org\/10.1016\/j.jss.2013.04.001","DOI":"10.1016\/j.jss.2013.04.001"},{"key":"892_CR76","doi-asserted-by":"publisher","unstructured":"Whalen, M.W., Gacek, A., Cofer, D., Murugesan, A., Heimdahl, M.P.E., Rayadurgam, S.: Your \u201cwhat\u201d is my \u201chow\u201d: Iteration and hierarchy in system design. IEEE Software (2012). https:\/\/doi.org\/10.1109\/MS.2012.173","DOI":"10.1109\/MS.2012.173"},{"key":"892_CR77","unstructured":"Williams, J.\u00a0R., Zolotas, A., Matragkas, N.\u00a0D., Rose, L.\u00a0M., Kolovos, D.\u00a0S., Paige, R.\u00a0F., Polack, F.\u00a0A.\u00a0C.: What do metamodels really look like? In Proceedings of the 3rd International Workshop on Experiences and Empirical Studies in Software Modeling co-located with 16th International Conference on Model Driven Engineering Languages and Systems (MODELS 2013), (2013)"},{"key":"892_CR78","unstructured":"WK60748. New guide for application of systems-theoretic process analysis to aircraft. Standard, ASTM, (2020)"},{"key":"892_CR79","doi-asserted-by":"publisher","unstructured":"Wolny, S., Mazak, A., Carpella, C., Geist, V., Wimmer, M.: Thirteen years of SysML: a systematic mapping study. Softw. Syst. Model. (2020). https:\/\/doi.org\/10.1007\/s10270-019-00735-y","DOI":"10.1007\/s10270-019-00735-y"},{"key":"892_CR80","doi-asserted-by":"publisher","unstructured":"Young, W., Leveson, N.\u00a0G.: Systems thinking for safety and security. In Proceedings of the Annual Computer Security Applications Conference (ACSAC 2013). ACM, (2013). https:\/\/doi.org\/10.1145\/2523649.2530277","DOI":"10.1145\/2523649.2530277"},{"key":"892_CR81","doi-asserted-by":"publisher","unstructured":"Young, W., Leveson, N.G.: An integrated approach to safety and security based on systems theory. Communications of the ACM (2014). https:\/\/doi.org\/10.1145\/2556938","DOI":"10.1145\/2556938"}],"container-title":["Software and Systems Modeling"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-021-00892-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10270-021-00892-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10270-021-00892-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,16]],"date-time":"2022-02-16T06:04:54Z","timestamp":1644991494000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10270-021-00892-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,6,1]]},"references-count":81,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,2]]}},"alternative-id":["892"],"URL":"https:\/\/doi.org\/10.1007\/s10270-021-00892-z","relation":{},"ISSN":["1619-1366","1619-1374"],"issn-type":[{"value":"1619-1366","type":"print"},{"value":"1619-1374","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,6,1]]},"assertion":[{"value":"3 June 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 April 2021","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 May 2021","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 June 2021","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}