Cyber-physical systems are developed collaboratively between software engineers and other engineering disciplines. This collaboration has coined the term „systems engineering“. Model-driven engineering is widely used to integrate these different disciplines, using models as primary artefacts. Due to the interconnected nature of cyber-physical systems, security has evolved into a key quality factor that needs to be taken into account at an early stage of the engineering process, preventing information leaks „by design“. In this talk, I will present my work in progress on the integration of information flow security into a model-driven engineering approach for cyber-physical systems. The goal is to trace security requirements between their specification at the level of systems engineering and their verification at the level of software engineering. In my work, I am facing typical challenges of information flow security such as security policy specification, verification techniques, and preservation of security on composition. Established results on these challenges are not easily applicable due to specific characteristics of cyber-physical systems like real-time behavior or message passing communication.