CR | SE | Jan 22

120 Domain-Specific Languages for Security

arXiv:2408.06219 | 4 citations | h-index: 10
AI Analysis

This review identifies gaps and challenges in security DSLs, aiding researchers and practitioners in improving their effectiveness and usability.

The paper presents a systematic literature review of 120 security-oriented domain-specific languages (DSLs) to address the lack of knowledge about the security aspects they cover and how they are used. It finds high fragmentation and opportunities for integration.

Security engineering, from security requirements engineering to the implementation of cryptographic protocols, is often supported by domain-specific languages (DSLs). Unfortunately, a lack of knowledge about these DSLs, such as which security aspects are addressed and when, hinders their effective use and further research. This systematic literature review examines 120 security-oriented DSLs based on six research questions concerning security aspects and goals, language-specific characteristics, integration into the software development lifecycle (SDLC), and effectiveness of the DSLs. We observe a high degree of fragmentation, which leads to opportunities for integration. We also need to improve the usability and evaluation of security DSLs.
