Towards Determination of Optimized Avionics Security Architectures: Integrating DO-326B and CS-25 §1319 Constraints into System Models
Aviation security has traditionally relied on strict network segregation, physical airport security, and avionics obscurity. However, as aircraft evolve into highly complex, interconnected systems, these measures are no longer sufficient. The push for connected aircraft, off-board data links, and the integration of passenger devices means cybersecurity must now be treated as a core part of airworthiness. At the same time, the threat landscape is rapidly intensifying. Artificial intelligence is allowing less skilled actors to launch sophisticated attacks, leading to a massive increase in the overall volume and severity of threats.

Managing this complexity requires a highly structured engineering approach. Model-Based Systems Engineering (MBSE) frameworks, and corresponding Domain-Specific Modeling Languages (DSMLs) such as the Open Avionics Architecture Model (OAAM), are widely used to define hardware topologies and functional allocations. Within these frameworks, system safety is rigorously formalized through detailed reliability models, specific hardware and functional failure modes, and precise failure rates. Because safety engineering relies heavily on quantitative metrics and established probability distributions, optimal safety architectures are highly calculable and straightforward to evaluate. These same modeling principles are increasingly being applied to avionics cybersecurity. The OAAM metamodel incorporates dedicated propagation structures designed to map exactly how an attack, threat actor, or data manipulation traverses a network. Furthermore, the metamodel enables the strict specification of security measure types and their underlying working principles. Defense mechanisms can be explicitly categorized by their effect, such as preventive, detective, or corrective, while tracing their protection capabilities to specific data assets.
While these model elements successfully establish basic security primitives and propagation rules, a fundamental question remains: do current models possess sufficient structural and semantic depth to support the automated generation of an optimal, regulation-compliant security architecture? This presentation evaluates the sufficiency of current architectural models against modern aerospace regulations. While DSMLs such as OAAM have been shown to support static security risk assessments effectively, they lack the explicit mathematical constraints required to systematically synthesize an optimized security layout. We analyze the semantic gap between existing structural parameters and the certification-critical requirements mandated by RTCA DO-326B and EASA CS-25 §1319. By mapping those requirements and constraints directly to existing model elements, we identify exactly where current data structures require expansion. The talk therefore details the specific computable constraints that must be introduced into the metamodel, including the formalization of network domain segregation, Security Assurance Level (SAL) boundaries, and verifiable routing privileges across trusted partitions. The outcome is a methodology for augmenting MBSE models with quantifiable regulatory rules. Translating compliance requirements into algorithmic objective functions enables the transition from descriptive modeling to automated architecture generation. The introduced constraints and model elements enable the automated distribution and selection of security measures and their composition into a valid security architecture. One example is weighing the latency overhead of cryptographic controls against deterministic safety deadlines to systematically derive regulation-compliant architectures within strict safety, performance, feasibility, and Size, Weight, Power, and Cost (SWaP-C) limits.
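As an added illustration, not code from the presentation or from the OAAM metamodel, the following Python sketch encodes the constraint kinds named above (domain segregation, SAL boundaries, routing privileges, and the latency budget of security measures) as computable rules over a constructed model, then selects the lowest-overhead measure set per flow. The domain names, SAL values, latency figures and the exact rule formulations are assumptions chosen for the example.

```python
from dataclasses import dataclass
from itertools import combinations
# Constructed illustration, not the OAAM metamodel: hypothetical domains ranked by trust,
# partitions with an assumed SAL, flows with an assumed base latency and safety deadline.
TRUST = {"control": 3, "services": 2, "passenger": 1}
MEASURE_LATENCY_MS = {"filter": 0.1, "mac": 0.4, "encrypt": 1.2}  # assumed overheads

@dataclass(frozen=True)
class Partition:
    name: str
    domain: str
    sal: int  # assumed Security Assurance Level, higher means more assurance

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    base_latency_ms: float
    deadline_ms: float

def flow_violations(parts, flow, measures, routing_grants):
    """Evaluate the computable rules for one flow; return the names of violated rules."""
    s, d = parts[flow.src], parts[flow.dst]
    bad = []
    # Domain segregation: traffic into a higher-trust domain needs an explicit routing privilege.
    if TRUST[d.domain] > TRUST[s.domain] and (flow.src, flow.dst) not in routing_grants:
        bad.append("segregation")
    # SAL boundary (assumed rule): data entering a higher-SAL partition needs integrity protection.
    if d.sal > s.sal and "mac" not in measures:
        bad.append("sal_boundary")
    # Domain crossing (assumed rule): any flow between domains must pass a filter.
    if s.domain != d.domain and "filter" not in measures:
        bad.append("domain_filter")
    # Deterministic deadline: base latency plus security overhead must fit the budget.
    if flow.base_latency_ms + sum(MEASURE_LATENCY_MS[m] for m in measures) > flow.deadline_ms:
        bad.append("deadline")
    return bad

def select_measures(parts, flow, routing_grants):
    """Return (measures, overhead_ms) with the lowest overhead and no violations, or None."""
    best = None
    for k in range(len(MEASURE_LATENCY_MS) + 1):
        for combo in combinations(sorted(MEASURE_LATENCY_MS), k):
            if flow_violations(parts, flow, frozenset(combo), routing_grants):
                continue  # infeasible composition for this flow
            cost = sum(MEASURE_LATENCY_MS[m] for m in combo)
            if best is None or cost < best[1]:
                best = (frozenset(combo), cost)
    return best
```

A `None` result means no composition of the modeled measures satisfies every rule for that flow, which is exactly the point at which the architecture, not the measure selection, has to change.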