120 Domain-Specific Languages for Security
Abstract
Security engineering—from creating security requirements to the implementation of security features, such as cryptography or authentication—is often supported by domain-specific languages (DSLs). While many security DSLs have been presented, a lack of overview and empirical data about these DSLs, such as which security aspects are addressed and when, hinders their effective use and further research. This systematic literature review examines 120 security DSLs regarding their security aspects and goals addressed, their language-specific characteristics, their integration into the software development lifecycle, and their evaluation. We observe a focus on individual development phases and a high degree of fragmentation, which leads to opportunities for integration. The research community also needs to improve the usability and evaluation of security DSLs.
Journal: ACM Computing Surveys
DOI: 10.1145/3802817