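@comment{
  Review notes (MTMT export, m2.mtmt.hu). The source was a single-line dump of
  seven entries. Changes made: one field per line; page ranges use the double
  hyphen; the CONFERENCE alias is normalised to inproceedings; keywords that the
  exporter split at a Unicode dash (cyber- / physical system, and a dangling
  co-) are rejoined as cyber-physical system and co-engineering, the latter taken
  from the wording of the same entry's abstract; the author Biro / Miklos appears
  both unaccented and accented in the export and is written once, as BibTeX
  special characters, so the two editorials sort and label as one person under
  classic BibTeX as well as Biber; the journal name is held in a string macro
  instead of the all-caps export form; DEXA and ISM are brace-protected in the
  booktitles. The fields journal-iso, unique-id and orcid-numbers are not
  standard and are ignored by styles; they are kept as data. Still missing from
  the export and NOT invented here: volume, number and pages for most article
  entries, and publisher or series for the workshop papers -- complete them from
  the DOI record before citing. The url fields point at the MTMT API record, not
  at the publisher; styles that print a url should prefer the doi.
}

@string{jsep = {Journal of Software: Evolution and Process}}

@article{MTMT:33359588,
  author        = {B{\'\i}r{\'o}, Mikl{\'o}s and Mashkoor, Atif and Sametinger, Johannes},
  title         = {Safety and security of cyber-physical systems},
  journal       = jsep,
  year          = {2022},
  doi           = {10.1002/smr.2522},
  url           = {https://m2.mtmt.hu/api/publication/33359588},
  issn          = {2047-7473},
  eissn         = {2047-7481},
  journal-iso   = {J SOFTW-EVOL PROC},
  unique-id     = {33359588},
}

@article{MTMT:33318822,
  author        = {Mashkoor, Atif and Egyed, Alexander and Wille, Robert and Stock, Sebastian},
  title         = {Model-driven engineering of safety and security software systems: A systematic mapping study and future research directions},
  journal       = jsep,
  year          = {2022},
  doi           = {10.1002/smr.2457},
  url           = {https://m2.mtmt.hu/api/publication/33318822},
  issn          = {2047-7473},
  eissn         = {2047-7481},
  keywords      = {Model-Driven engineering; systematic mapping; Safety and security},
  abstract      = {This article presents a systematic mapping study on the model-driven engineering of safety and security concerns in software systems. Combined modeling and development of both safety and security concerns is an emerging field of research as both concerns affect one another in unique ways. Our mapping study provides an overview of the current state of the art in this field. This study carefully selected 143 publications out of 27,259 relevant papers through a rigorous and systematic process. This study then proposes and answers questions such as frequently used methods and tools and development stages where these concerns are typically investigated in application domains. Additionally, we identify the community's preference for publication venues and trends. The discussion on obtained results also features the gained insights and future research directions.},
  journal-iso   = {J SOFTW-EVOL PROC},
  unique-id     = {33318822},
  orcid-numbers = {Mashkoor, Atif/0000-0003-1210-5953; Wille, Robert/0000-0002-4993-7860; Stock, Sebastian/0000-0002-2231-8656},
}

@inproceedings{MTMT:33381233,
  author        = {Stock, Sebastian and Mashkoor, Atif and Egyed, Alexander},
  title         = {Application of Validation Obligations to Security Concerns},
  booktitle     = {Database and Expert Systems Applications -- {DEXA} 2022 Workshops},
  pages         = {337--346},
  year          = {2022},
  doi           = {10.1007/978-3-031-14343-4_31},
  url           = {https://m2.mtmt.hu/api/publication/33381233},
  keywords      = {formal methods; Model-Driven engineering; Validation obligations; Security-critical systems},
  abstract      = {Our lives become increasingly dependent on safety- and security-critical systems, so formal techniques are advocated for engineering such systems. One of such techniques is validation obligations that enable formalizing requirements early in development to ensure their correctness. Furthermore, validation obligations help hold requirements consistent in an evolving model and create assurances about the model's completeness. Although initially proposed for safety properties, this paper shows how the technique of validation obligations enables us to also reason about security concerns through an example from the medical domain.},
  unique-id     = {33381233},
  orcid-numbers = {Stock, Sebastian/0000-0002-2231-8656; Mashkoor, Atif/0000-0003-1210-5953},
}

@inproceedings{MTMT:33359590,
  author        = {Asmat, Mah Noor and Khan, Saif Ur Rehman and Mashkoor, Atif},
  title         = {A Conceptual Model for Mitigation of Root Causes of Uncertainty in Cyber-Physical Systems},
  booktitle     = {Database and Expert Systems Applications -- {DEXA} 2021 Workshops},
  pages         = {9--17},
  year          = {2021},
  doi           = {10.1007/978-3-030-87101-7_2},
  url           = {https://m2.mtmt.hu/api/publication/33359590},
  keywords      = {UNCERTAINTY; CHALLENGES; cyber physical systems; Root causes},
  abstract      = {Cyber-Physical Systems (CPS) are widely used in different domains. The major application domains of CPS are healthcare, transportation, manufacturing, industrial control systems, automatic pilot avionics, robotics systems, and so on. Uncertainty is one of the major issues that challenge the reliability of a CPS. In the literature, various approaches have been proposed to deal with uncertainty. However, fewer studies have focused on handling the root cause analysis of uncertainty and also suggesting the corresponding mitigation strategies. Inspired by this, we propose a conceptual model effective in mitigating the root causes of uncertainty in CPS. Moreover, some potential future research dimensions are outlined.},
  unique-id     = {33359590},
  orcid-numbers = {Asmat, Mah Noor/0000-0003-1802-1267; Mashkoor, Atif/0000-0003-1210-5953},
}

@article{MTMT:32293890,
  author        = {B{\'\i}r{\'o}, Mikl{\'o}s and Mashkoor, Atif and Sametinger, Johannes},
  title         = {Safe and secure cyber-physical systems},
  journal       = jsep,
  volume        = {33},
  year          = {2021},
  doi           = {10.1002/smr.2340},
  url           = {https://m2.mtmt.hu/api/publication/32293890},
  issn          = {2047-7473},
  eissn         = {2047-7481},
  keywords      = {Safety; Security; cyber-physical system},
  abstract      = {Cyber-Physical Systems (CPSs) differ from traditional Information Technology (IT) systems in such a way that they interact with the physical environment, i.e., they can monitor and manipulate real objects and processes. For this special issue, the authors of the best papers of IWCFS 2019 were invited to submit extended versions of their workshop papers. Additionally, we received eight submissions from around the globe as a result of an open call. After thorough and stringent reviews, we selected six articles that provide relevant contributions to the field of safety and security for CPSs.},
  journal-iso   = {J SOFTW-EVOL PROC},
  unique-id     = {32293890},
  orcid-numbers = {B{\'\i}r{\'o}, Mikl{\'o}s/0000-0001-8627-1159; Mashkoor, Atif/0000-0003-1210-5953},
}

@inproceedings{MTMT:32293891,
  author        = {Mashkoor, Atif and Egyed, Alexander},
  title         = {Evaluating the alignment of sequence diagrams with system behavior},
  booktitle     = {Proceedings of the 2nd International Conference on Industry 4.0 and Smart Manufacturing ({ISM} 2020)},
  pages         = {502--506},
  year          = {2021},
  doi           = {10.1016/j.procs.2021.01.267},
  url           = {https://m2.mtmt.hu/api/publication/32293891},
  keywords      = {Correctness; Sequence diagrams; run-time behavior},
  abstract      = {In model-driven engineering, sequence diagrams are commonly used to describe a system's expected behavior in different scenarios. Indeed, the information flow described in sequence diagrams should actually take place during a real execution of the system in order to ensure its safety, security and correctness. If it does not, this may lead to serious consequences. In this short paper, we present a novel generic approach for addressing this issue by observing the live execution of a system and checking whether the exhibited information flow correctly follows what has been specified in sequence diagrams. (C) 2021 The Authors. Published by Elsevier B.V.},
  unique-id     = {32293891},
}

@article{MTMT:32293889,
  author        = {Ponsard, Christophe and Grandclaudon, Jeremy and Massonet, Philippe},
  title         = {A goal-driven approach for the joint deployment of safety and security standards for operators of essential services},
  journal       = jsep,
  volume        = {33},
  year          = {2021},
  doi           = {10.1002/smr.2338},
  url           = {https://m2.mtmt.hu/api/publication/32293889},
  issn          = {2047-7473},
  eissn         = {2047-7481},
  keywords      = {risk management; co-engineering; Standards; Cyber security; Safety analysis; NIS directive},
  abstract      = {Designing safety-critical software in domains ensuring essential services like transportation, energy, or health requires high assurance techniques and compliance with domain specific standards. As a result of the global interconnectivity and the evolution toward cyber-physical systems, the increasing exposure to cyber threats calls for the adoption of cyber security standards and frameworks. Although safety and security have different cultures, both fields share similar concepts and tools and are worth being investigated together. This paper provides the background to understand emerging co-engineering approaches. It advocates for the use of a model-based approach to provide a sound risk-oriented process and to capture rationales interconnecting top-level standards/directives to concrete safety/security measures. We show the benefits of adopting goal-oriented analysis that can be transposed later to domain-specific frameworks. Both qualitative and quantitative reasoning aspects are analyzed and discussed, especially to support trade-off analysis. Our work is driven by a representative case study in drinking water utility in the scope of the NIS regulation for operator of essential services.},
  journal-iso   = {J SOFTW-EVOL PROC},
  unique-id     = {32293889},
  orcid-numbers = {Ponsard, Christophe/0000-0002-5027-2114; Massonet, Philippe/0000-0003-1883-4188},
}

@article{MTMT:32293892,
  author        = {Singh, Neeraj Kumar and Lawford, Mark and Maibaum, Thomas S. E. and Wassyng, Alan},
  title         = {A formal approach to rigorous development of critical systems},
  journal       = jsep,
  volume        = {33},
  year          = {2021},
  doi           = {10.1002/smr.2334},
  url           = {https://m2.mtmt.hu/api/publication/32293892},
  issn          = {2047-7473},
  eissn         = {2047-7481},
  keywords      = {REFINEMENT; simulation; Certification; formal methods; verification and validation; Code generation; proof-based development; tabular expression},
  abstract      = {Safety critical systems, such as medical, automotive, and avionics systems, play an important role in our daily lives. Increasing demand for new technologies in these safety critical systems requires rapid adoption of commercial hardware and software. However, the adoption of new hardware and software increases life-threatening vulnerabilities. To aid in the reduction of these vulnerabilities and system failures, this paper proposes a framework based on formal methods for developing safety-critical systems from requirements analysis to code generation. This framework includes a development process for documenting system requirements using tabular expressions, automatic formal model generation from the documented requirements, verification and validation of the generated formal models using proof techniques and animations, interactive simulation for validating the required behavior of the developed models by enabling domain experts to observe the system states according to, and finally, code generation from the formal model into a desired language. A prototype toolchain is developed to automate this framework. An assessment of the proposed framework is undertaken through a case study: insulin infusion pump (IIP).},
  journal-iso   = {J SOFTW-EVOL PROC},
  unique-id     = {32293892},
}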