ID;Authors;Title;Doi;Year;Contribution Type;Focus;SPL --> Security;Security --> SPL;Domain;Projection;Variability Type;Verification;Evolution;Safety standard;Security standard;Confidentiality;Integrity;Availability;Authorization;Accountability;Non-repudiation;Other Security goals;Threats and Risks;Security measure;
1;Trujillo, S. and Perez, A. and Gonzalez, D. and Hamid, B.;Towards the integration of advanced engineering paradigms into RCES: Raising the issues for the safety-critical model-driven product-line case;10.1145/1868433.1868445;2010;Open Items;Both;N;Y;Embedded systems;Problem;Both;N;N;-;-;N;Y;N;N;N;N;dependability;System complexity, Variability, Communication;protected communication;
2;Dordowsky, F., Bridges, R., & Tschope, H;Implementing a software product line for a complex avionics system in Ada 83;10.1109/SPLC.2011.11;2011;Model;Safety;N;Y;Avionics;Solution;Software;Feature;N;DO-178;-;N;N;N;N;N;N;-;System complexity;certification;
3;"Cichos, Harald and Oster, Sebastian and Lochau, Malte and Sch\""{u}rr, Andy";Model-Based Coverage-Driven Test Suite Generation for Software Product Lines;10.1007/978-3-642-24485-8_31;2011;Method;Safety;N;Y;Automotive;Solution;Software;Feature;N;ISO 26262;-;N;N;N;N;N;N;-;Unauthorized access;taking photo;
4;Li, D., & Yang, Y.;Enhance value by building trustworthy software-reliant system of systems from software product lines;10.1109/PLEASE.2012.6229761;2012;Tool;Security;Y;Y;Avionics;Mapping;Software;Family;Y;-;-;Y;N;Y;N;N;N;reliability;Trust;System hiding;
5;S. Apel and A. von Rhein and P. Wendler and A. Größlinger and D. Beyer;Strategies for product-line verification: Case studies and experiments;10.1109/ICSE.2013.6606594;2013;Method;Safety;N;Y;General;Solution;Software;Family;N;-;-;N;N;Y;N;N;N;reliability, correctness;Hidden dependencies;model-checking, verification, encryption;
6;Ubayashi, N., Nakajima, S., & Hirayama, M.;Context-dependent product line engineering with lightweight formal approaches;10.1016/j.scico.2012.06.006;2013;Method;Safety;Y;Y;Embedded systems;Mapping;Both;Feature;N;-;-;N;N;N;N;N;N;reliability;Communication, Trust;-;
7;Andel, T. R., Whitehurst, L. N., & McDonald, J. T.;Software security and randomization through program partitioning and circuit variation;10.1145/2663474.2663484;2014;Method;Security;Y;N;General;Mapping;Both;Product;N;-;-;Y;Y;Y;N;N;N;-;injected code, cyber attacks (stack overflow, heap overflow, return-to-libc attack, side-channel analysis attack), physical attacks, vulnerabilities (Morris, Blaster, Slammer worms);program partitioning, dynamic variants;
8;Cleland-Huang, J. and Gotel, O.C.Z. and Hayes, J.H. and Mäder, P. and Zisman, A.;Software traceability: Trends and future directions;10.1145/2593882.2593891;2014;Open Items;Safety;N;Y;Avionics, Automotive;Problem;Both;Feature;Y;ISO 26262, DO-178;-;N;Y;Y;Y;N;N;ubiquity;Trust;-;
9;Hatcliff, J., Wassyng, A., Kelly, T., Comar, C., & Jones, P.;Certifiably safe software-dependent systems: challenges and directions;10.1145/2593882.2593895;2014;Open Items;Both;N;Y;General;Problem;Software;Feature;Y;IEC 61508, ISO 26262;-;N;Y;N;N;Y;N;reliability;Trust;-;
10;Gallina, B., & Fabre, L.;Benefits of security-informed safety-oriented process line engineering.;10.1109/DASC.2015.7311473;2015;Model;Both;Y;N;Avionics;Mapping;Both;N;Y;DO-326A, ARP4761;-;Y;Y;Y;N;N;N;reliability, dependability;Trust, vulnerabilities, bugs, faults;Assessment;
11;Ayala, I., Amor, M., Fuentes, L., & Troya, J. M.;A software product line process to develop agents for the iot;10.3390/s150715640;2015;Tool;Safety;N;Y;IoT;Solution;Software;N;Y;-;-;N;N;N;N;N;N;-;Data manipulation, Communication;-;
12;Vogel-Heuser, B., Fay, A., Schaefer, I., & Tichy, M.;Evolution of software in automated production systems: Challenges and research directions;10.1016/j.jss.2015.08.026;2015;Open Items;Safety;N;Y;General;Problem;Software;Feature;Y;-;-;Y;N;N;N;N;N;-;-;-;
13;Arrieta, A., Sagardui, G., & Etxeberria, L.;Cyber-physical systems product lines: Variability analysis and challenges;-;2015;Model;Safety;N;Y;Cyber-physical systems;Problem;Software;N;N;-;-;N;N;N;Y;N;N;-;-;-;
14;Barron, S., Cho, Y. M., Hua, A., Norcross, W., Voigt, J., & Haimes, Y.;Systems-based cyber security in the supply chain;10.1109/SIEDS.2016.7489299;2016;Method;Security;N;Y;General;Mapping;Software;N;N;-;-;N;Y;N;N;N;N;-;Vulnerabilities, alter 3D printing files;risk assessment;
15;Etigowni, Sriharsha and Tian, Dave (Jing) and Hern and ez, Grant and Zonouz, Saman and Butler, Kevin;CPAC: Securing Critical Infrastructure with Cyber-Physical Access Control;10.1145/2991079.2991126;2016;Method;Security;Y;N;Cyber-physical systems;Mapping;Software;N;N;-;-;Y;Y;N;Y;N;N;authenticity;Unauthorized access, system manipulation, trust;isolation;
16;Kuhrmann, M., Ternité, T., Friedrich, J., Rausch, A., & Broy, M.;Flexible software process lines in practice: A metamodel-based approach to effectively construct and manage families of software process models;10.1016/j.jss.2016.07.031;2016;Method;Both;N;Y;General;Solution;Software;N;Y;-;-;N;N;N;N;N;N;-;-;-;
17;Heikkilä, T., Dobrowiecki, T., & Dalgaard, L.;Dealing with configurability in robot systems.;10.1109/MESA.2016.7587120;2016;Model;Safety;N;Y;Production;Solution;Both;N;N;IEC 61508;-;N;N;N;N;N;N;-;communication;communication protocol;
18;Barner, S. and Diewald, A. and Migge, J. and Syed, A. and Fohler, G. and Faugere, M. and Perez, D.G.;DREAMS Toolchain: Model-Driven Engineering of Mixed-Criticality Systems;10.1109/MODELS.2017.28;2017;Method;Safety;N;Y;General;Solution;Both;Feature;N;DO-178C, IEC 61508;-;N;N;N;N;N;N;dependability;communication;-;
19;Carpenter, Todd and Hatcliff, John and Vasserman, Eugene Y.;A Reference Separation Architecture for Mixed-Criticality Medical and IoT Devices;10.1145/3137003.3137008;2017;Model;Both;Y;Y;Medical;Solution;Both;Feature;N;-;AAMI TIR57;Y;Y;Y;Y;N;N;reliability, dependability;communication;certificate, whitelisting, encryption;
20;Nicolas, C.-F. and Eizaguirre, F. and Larrucea, A. and Barner, S. and Chauvel, F. and Sagardui, G. and Perez, J.;GSN support of mixed-criticality systems certification;10.1007/978-3-319-66284-8_14;2017;Method;Safety;N;Y;General;Solution;Software;Product;N;IEC 61508;-;N;Y;N;N;N;N;-;-;-;
21;Pessoa, Leonardo and Fern and es, Paula and Castro, Thiago and Alves, V and er and Rodrigues, Genana N. and Carvalho, Hervaldo;Building Reliable and Maintainable Dynamic Software Product Lines;10.1016/j.infsof.2017.02.002;2017;Method;Safety;N;Y;Medical;Mapping;Software;Feature;Y;IEC 60601;;N;N;Y;N;N;N;reliability;-;-;
22;Gannouni, W. and Doumbia, M.L. and Badri, A.;Systematic approach furthering confirmation measures of safety critical automotive systems;10.2495/SAFE170221;2018;Method;Safety;N;Y;Automotive;Mapping;Both;Feature;N;ISO 26262;-;N;N;N;N;N;N;-;-;-;
23;Islam, Nayreet and Azim, Akramul;Assuring the Runtime Behavior of Self-Adaptive Cyber-physical systemss Using Feature Modeling;-;2018;Method;Safety;N;Y;Cyber-physical systems;Solution;Both;Feature;Y;-;-;Y;Y;N;Y;N;N;authenticity;-;-;
24;"Krieter, Sebastian and Kr\""{u}ger, Jacob and Weichbrodt, Nico and Sartakov, Vasily A. and Kapitza, R\""{u}diger and Leich, Thomas";Towards Secure Dynamic Product Lines in the Cloud;10.1145/3183399.3183425;2018;Tool;Security;Y;N;General;Problem;Software;Product;Y;-;-;Y;Y;N;N;N;N;-;Unauthorized access;isolation;
25;Neši?, D., & Nyberg, M.;Verifying contract-based specifications of product lines using description logic;-;2018;Model;Both;N;Y;General;Problem;Software;N;N;ISO 61508;-;N;N;N;N;N;N;-;configurability;-;
26;Bennaceur, A., Ghezzi, C., Tei, K., Kehrer, T., Weyns, D., Calinescu, R., ... & Zhao, H.;Modelling and analysing resilient Cyber-physical systemss;10.1109/SEAMS.2019.00018;2019;Method;Both;Y;N;Cyber-physical systems;Mapping;Both;Product;Y;-;NIST Cyber- Physical Systems Program;N;N;Y;N;N;N;reliability, dependability;configurability, vulnerabilities;Access restriction, decentralization, autonomy/isolation;
27;de Oliveira, Andr\'{e} Luiz and Braga, Rosana and Masiero, Paulo and Parker, David and Papadopoulos, Yiannis and Habli, Ibrahim and Kelly, Tim;Variability Management in Safety critical Systems Design and Dependability Analysis;10.1002/smr.2202;2019;Model;Safety;N;Y;Avionics;Mapping;Both;Product;N;DO-178B/C;-;N;Y;Y;N;N;N;-;configurability;-;
28;Lohmüller, P. and Bauer, B.;Software product line engineering for safety-critical systems;10.5220/0007246102110218;2019;Method;Both;N;Y;Automotive;Problem;Both;Product;N;-;-;N;N;N;N;N;N;-;-;risk assessment;
29;M. Ebnauf and W. Abdelmoez and H. H. Ammar and A. Hassan and M. Abdelhamid;State-driven Architecture Design for Safety-critical Software Product Lines;10.1109/ICOM47790.2019.8952006;2019;Model;Safety;N;Y;Cyber-physical systems;Solution;Software;N;N;-;-;N;N;N;N;N;N;-;-;-;
30;Meixner, Kristof and Rabiser, Rick and Biffl, Stefan;Towards Modeling Variability of Products, Processes and Resources in Cyber-Physical Production Systems Engineering;10.1145/3307630.3342411;2019;Open Items;Safety;N;Y;Cyber-physical systems;Problem;Both;N;Y;-;-;N;N;Y;N;N;N;-;-;-;
31;Wolschke, C. and Becker, M. and Schneickert, S. and Adler, R. and MacGregor, J.;Industrial perspective on reuse of safety artifacts in software product lines;10.1145/3336294.3336315;2019;Open Items;Safety;N;Y;General;Problem;Both;Feature;Y;-;-;N;N;N;N;N;N;-;-;risk assessment;
32;Shaaban, A. M., Gruber, T., & Schmittner, C.;Ontology-based security tool for critical Cyber-physical systems;10.1145/3307630.3342397;2019;Tool;Security;Y;N;Production;Solution;Software;Product;N;-;IEC 62443-4-2, IEC 62443, IEEE 1686;Y;Y;N;Y;N;Y;authenticity;system vulnerabilities, communication;security model;
33;Chumpitaz, L., Furda, A., & Loke, S.;Evolving variability requirements of IOT systems;-;2019;Open Items;Security;N;Y;IoT;Problem;Both;N;Y;-;-;N;N;Y;Y;N;N;consistency;communication, trust, centralization;security policies, decentralization;
34;Burow, N., Burrow, R., Khazan, R., Shrobe, H., & Ward, B. C.;Moving Target Defense Considerations in Real-Time Safety-and Mission-Critical Systems;10.1145/3411496.3421224;2020;Method;Security;Y;Y;Military;Mapping;Software;N;N;-;-;Y;Y;N;N;N;Y;-;vulerabilities, malicious actors;changing location of libraries, randomization e.g. function-level, adress;
35;Ghamizi, S., Cordy, M., Papadakis, M., & Traon, Y. L.;FeatureNET: diversity-driven generation of deep learning models;10.1145/3377812.3382153;2020;Model;Security;Y;Y;General;Solution;Software;N;N;-;-;Y;N;N;N;N;N;-;model data leak, cyber attack;software diversity, steganography;
36;Bressan, L. and De Oliveira, A.L. and Campos, F.;An Approach to Support Variant Management on Safety Analysis using CHESS Error Models;10.1109/EDCC51268.2020.00030;2020;Method;Safety;N;Y;Automotive;Mapping;Software;N;N;ISO 26262;-;N;Y;Y;N;N;N;-;-;-;
37;Freitas, L., Scott III, W. E., & Degenaar, P.;Medicine-by-wire: Practical considerations on formal techniques for dependable medical systems;10.1016/j.scico.2020.102545;2020;Open Items;Safety;N;Y;Medical;Problem;Both;Feature;N;IEC 60601, IEC 62366, ISO 14971, ISO 13485, IEC 62304;-;N;Y;N;N;N;N;-;bugs;-;
38;Fischer, Stefan and Ramler, Rudolf and Klammer, Claus and Rabiser, Rick;Testing of Highly Configurable Cyber-physical systemss – A Multiple Case Study;10.1145/3442391.3442411;2021;Open Items;Safety;N;Y;Cyber-physical systems;Problem;Both;N;N;IEC 61508;-;N;N;Y;Y;N;N;-;Unauthorized access;isolation, risk assessment / monitoring;
39;Castro, T., Teixeira, L., Alves, V., Apel, S., Cordy, M., & Gheyi, R.;A formal framework of software product line analyses;10.1145/3442389;2021;Tool;Both;N;Y;General;Solution;Software;Family;Y;-;-;N;N;N;N;N;N ;-;-;security model;
40;Neši?, D., Nyberg, M., & Gallina, B. (;Product-line assurance cases from contract-based design;10.1016/j.jss.2021.110922;2021;Method;Safety;N;Y;Automotive;Mapping;Software;Feature;N;ISO 26262;-;Y;N;N;N;N;N;-;-;Assessment model;
41;White, D., Sahlab, N., Jazdi, N., & Weyrich, M.;Environment modeling for evaluating system variants in model-based systems engineering;10.1016/j.procir.2021.11.126;2021;Model;Both;N;Y;Medical;Mapping;Both;N;N;-;-;N;N;N;N;N;N;-;-;-;
42;Bressan, L., de Oliveira, A. L., Campos, F., & Capilla, R. (;A variability modeling and transformation approach for safety-critical systems;10.1145/3442391.3442398;2021;Model;Safety;N;Y;Production;Mapping;Both;N;N;IEC 61508;-;N;N;N;N;N;N;-;-;risk assessment, security analysis;
43;Zampetti, F., Tamburri, D. A., Panichella, S., Panichella, A., Canfora, G., & Penta, M. D.;Continuous Integration and Delivery practices for Cyber-physical systems: An interview-based study.;10.1145/3571854;2022;Open Items;Both;Y;Y;Cyber-physical systems;Problem;Both;Product;Y;IEC 61508;-;N;N;Y;N;N;N;-;tight coupling between the digital twin and the physical environment, communication;security policies;
44;Prikler, L. M., & Wotawa, F.;Challenges of Testing Self-Adaptive Systems;10.1145/3503229.3547048;2022;Open Items;Both;N;Y;Adaptive systems;Problem;Both;Feature;N;-;-;N;N;N;N;N;N;-;vulnerabilities, bugs;security testing (fuzzing, model-based, combinatorial);
;;;;;;;;;;;;;;;;;;;;;;;;;
Year;;;Contribution Type;;;Domain;;;Verification;;;Safety standard;;Confidentiality;;;Authorization;;;Threats and risks;;;Security measures;;
2008;0;;Method;17;;Embedded systems;2;;Feature;15;;IEC 61508;8;Y;12;;Y;8;;system complexity / network;9;Threat;risk assessment;7;threat and risk prevention
2009;0;;Model;11;;Avionics;5;;Product;8;;ISO 26262;6;N;32;;N;36;;trust;7;;security testing;1;
2010;1;;Metric;0;;Automotive;5;;Family;3;;DO-178;4;;;;;;;vulnerabilities;6;;security policies;2;
2011;2;;Tool;5;;IoT;2;;N;18;;IEC 60601;2;Integrity;;;Accountability;;;bugs;3;;certification;1;
2012;1;;Open Items;11;;Medical;4;;;;;Other;3;Y;16;;Y;1;;configurability;3;;;;
2013;2;;;;;Cyber-physcial systems;8;;Evolution;;;;;N;28;;N;43;;centralization;1;;program partitioning;1;architecture
2014;3;;Focus;;;Military;1;;Y;16;;Security standard;;;;;;;;hidden dependencies;1;;isolation;4;
2015;4;;Security;9;;Production;3;;N;28;;AAMI TIR57;1;Availability;;;Non-repudiation;;;cyber attack;2;Risk;system hiding;1;
2016;4;;Safety;23;;General;13;;;;;NIST Cyber-Physical Systems Program;1;Y;14;;Y;2;;system manipulation;2;;software diversity;1;
2017;4;;Both;12;;;;;;;;IEC 62443-4-2, IEC 62443, IEEE 1686;1;N;30;;N;42;;injected code;1;;changing location of libraries;1;
2018;4;;;;;Projection;;;;;;;;;;;;;;model data leak;1;;dynamic variants;1;
2019;8;;SPL --> Security;;;Problem;15;;;;;;;Other goals;;;;;;malicious actors;1;;decentralization;2;
2020;4;;Y;12;;Mapping;15;;;;;;;dependability;5;;;;;unauthorized access;4;;;;
2021;5;;N;32;;Solution;14;;;;;;;reliability;8;;;;;;;;taking photo;1;mitigation techniques
2022;2;;;;;;;;;;;;;correctness;1;;;;;;;;protected communication, decreption/encryption;1;
;;;Security --> SPL;;;Variability focus;;;;;;;;ubiquity;1;;;;;;;;encryption;2;
;;;Y;38;;Software;22;;;;;;;authenticity;3;;;;;;;;whitelisting;1;
;;;N;6;;Hardware;0;;;;;;;consistency;1;;;;;;;;randomization;1;
;;;;;;Both;22;;;;;;;;;;;;;;;;communication protocol;1;
;;;Both;;;;;;;;;;;;;;;;;;;;certificate;1;
;;;Y;6;;;;;;;;;;;;;;;;;;;security model;2;