Security engineering, from security requirements engineering to the implementation of cryptographic protocols, is often supported by domain-specific languages (DSLs). Unfortunately, a lack of knowledge about these DSLs, such as which security aspects are addressed and when, hinders their effective use and further research. This systematic literature review examines 120 security-oriented DSLs based on six research questions concerning security aspects and goals, language-specific characteristics, integration into the software development lifecycle (SDLC), and effectiveness of the DSLs. We observe a high degree of fragmentation, which leads to opportunities for integration. We also need to improve the usability and evaluation of security DSLs.
@article{arxiv.2408.06219,
title = {120 Domain-Specific Languages for Security},
author = {Markus Krausz and Sven Peldszus and Francesco Regazzoni and Thorsten Berger and Tim Güneysu},
journal= {arXiv preprint arXiv:2408.06219},
year = {2026}
}