120 Domain-Specific Languages for Security
Markus Krausz, Sven Peldszus, Francesco Regazzoni, Thorsten Berger, Tim Güneysu

TL;DR
This paper systematically reviews 120 security-oriented domain-specific languages, highlighting their fragmentation, integration opportunities, and the need for improved usability and evaluation.
Contribution
It provides a comprehensive analysis of security DSLs, identifying gaps and opportunities for better integration, usability, and assessment in security engineering.
Findings
High fragmentation among security DSLs.
Opportunities for integrating security DSLs into SDLC.
Need for improved usability and evaluation methods.
Abstract
Security engineering, from security requirements engineering to the implementation of cryptographic protocols, is often supported by domain-specific languages (DSLs). Unfortunately, a lack of knowledge about these DSLs, such as which security aspects are addressed and when, hinders their effective use and further research. This systematic literature review examines 120 security-oriented DSLs based on six research questions concerning security aspects and goals, language-specific characteristics, integration into the software development lifecycle (SDLC), and effectiveness of the DSLs. We observe a high degree of fragmentation, which leads to opportunities for integration. We also need to improve the usability and evaluation of security DSLs.
