SUMMARYSince many cyber-physical systems (CPSs) manipulate security-sensitive data, enhancing the quality of security in a CPS is a critical and challenging issue in CPS design. Although there has been a large body of research on securing general purpose PCs, directly applying such techniques to a CPS can compromise the real-time property of CPSs since the timely execution of tasks in a CPS typically relies on real-time scheduling. Recognizing this property, previous works have proposed approaches to add a security constraint to the real-time properties to cope with the information leakage problem that can arise between real-time tasks with different security levels. However, conventional works have mainly focused on non-preemptive scheduling and have suggested a very naive approach for preemptive scheduling, which shows limited analytical capability. In this paper, we present a new preemptive fixed-priority scheduling algorithm incorporating a security constraint, called lowest security-level first (LSF) and its strong schedulability analysis to reduce the potential of information leakage. Our simulation results show that LSF schedulability analysis outperforms state-of-the-art FP analysis when the security constraint has reasonable timing penalties.