arxiv: 2408.06219 · v3 · submitted 2024-08-12 · 💻 cs.CR · cs.SE

120 Domain-Specific Languages for Security

Pith reviewed 2026-05-23 22:00 UTC · model grok-4.3

classification 💻 cs.CR cs.SE
keywords: security DSLs, domain-specific languages, systematic literature review, security engineering, software development lifecycle, usability, fragmentation, evaluation

The pith

A systematic review of 120 security DSLs identifies high fragmentation that creates integration opportunities while calling for better usability and evaluation.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper conducts a systematic literature review to map 120 domain-specific languages built for security engineering tasks. It organizes the DSLs by the security aspects they target, their language features, their fit within the software development lifecycle, and evidence of their effectiveness. A reader would care because scattered tools make it harder to select or combine approaches that actually improve security in practice. The review finds the DSLs are highly fragmented, pointing to chances for combining them, and notes that current work falls short on usability and rigorous evaluation.

Core claim

The authors examined 120 security-oriented DSLs through six research questions and observed a high degree of fragmentation, which leads to opportunities for integration. They also conclude that the usability and evaluation of security DSLs require improvement.

What carries the argument

The systematic literature review process that catalogs and classifies 120 security DSLs according to security aspects, language characteristics, SDLC integration, and effectiveness.

If this is right

  • Security DSLs cover many aspects but remain scattered across different phases of development.
  • Fragmentation creates concrete chances to merge or align existing DSLs.
  • Current DSLs lack sufficient attention to usability for practitioners.
  • Evaluation of DSL effectiveness is limited and needs stronger methods.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • A shared meta-language or integration layer could reduce duplication across the 120 DSLs.
  • Empirical studies measuring developer productivity with security DSLs would test the call for better evaluation.
  • Tool vendors could use the review's categories to identify missing coverage in the security lifecycle.

Load-bearing premise

The search and selection steps found a representative, unbiased collection of 120 security DSLs without major omissions.

What would settle it

A repeated literature search using the same protocol that yields a substantially different set of DSLs or that reaches different conclusions on the degree of fragmentation.

Figures

Figures reproduced from arXiv: 2408.06219 by Francesco Regazzoni, Markus Krausz, Sven Peldszus, Thorsten Berger, Tim Güneysu.

Figure 1: Literature filtering process. To systematically identify relevant security DSLs for in-depth analysis, we searched the academic literature on security DSLs. In order to obtain a broad initial coverage of the landscape of security DSLs, we decided to use a generic search term in the initial search and then filter out irrelevant results. Based on the initial dataset of publications identified in this way, we…
Figure 2: Communities of the publications from which the DSLs originate
Figure 3: Publication year of the DSLs and latest update on their publicly available repository or website
Figure 4: Security aspects addressed by the security DSLs
Figure 5: Relevant SDLC Phases for the Usage of Security DSLs
Figure 6: Partial actor diagram for an electronic health care system in STS.
Figure 7: Kinds of artifacts expressed using the security DSLs
Figure 8: UML deployment diagram of a health records system annotated with UMLsec for planning security of
Figure 9: Statistics on editing support and instance representation and language design (from left to right).
Figure 10: Semantic usage of the DSLs (one DSL can be used in multiple ways).
Figure 11: Number of investigated case-studies/examples
Figure 12: Authorization view for an electronic health care system in STS.
Original abstract

Security engineering, from security requirements engineering to the implementation of cryptographic protocols, is often supported by domain-specific languages (DSLs). Unfortunately, a lack of knowledge about these DSLs, such as which security aspects are addressed and when, hinders their effective use and further research. This systematic literature review examines 120 security-oriented DSLs based on six research questions concerning security aspects and goals, language-specific characteristics, integration into the software development lifecycle (SDLC), and effectiveness of the DSLs. We observe a high degree of fragmentation, which leads to opportunities for integration. We also need to improve the usability and evaluation of security DSLs.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript presents a systematic literature review of 120 security-oriented domain-specific languages (DSLs), organized around six research questions on security aspects/goals addressed, language characteristics, integration into the software development lifecycle (SDLC), and DSL effectiveness. The authors report high fragmentation across the DSLs and conclude that opportunities exist for integration while usability and evaluation practices require improvement.

Significance. If the sample of 120 DSLs is representative, the review provides a useful map of the security DSL landscape and surfaces actionable gaps in usability and rigorous evaluation. The scale of the synthesis is a positive feature for a survey paper; however, the significance of the fragmentation and integration claims is directly tied to the completeness and lack of bias in the underlying selection process.

major comments (2)
  1. [Methods] Methods section (search and selection process): the description of databases searched, search strings, and inclusion/exclusion criteria is insufficiently detailed to allow independent verification of whether the 120 DSLs constitute a representative sample; without these specifics the headline claim of 'high degree of fragmentation' cannot be assessed for robustness versus selection artifact.
  2. [Results (RQ6)] Results on effectiveness (RQ6 and associated tables/figures): the synthesis of 'effectiveness' appears to rest on the presence or absence of evaluation studies in the cited papers rather than any standardized metric or meta-analysis; this weakens the recommendation to 'improve the evaluation of security DSLs' because the current state is not quantified beyond a count of papers that mention evaluation.
minor comments (2)
  1. [Abstract] Abstract and introduction: the six research questions are listed but not numbered or cross-referenced to the later sections, making navigation harder than necessary.
  2. [Introduction] Terminology: the paper uses 'DSL' and 'security DSL' without an explicit operational definition or decision rule for borderline cases (e.g., libraries vs. languages), which should be stated once in the methods.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on our systematic literature review. We address each major comment below and indicate where revisions will be made to the manuscript.

Point-by-point responses
  1. Referee: [Methods] Methods section (search and selection process): the description of databases searched, search strings, and inclusion/exclusion criteria is insufficiently detailed to allow independent verification of whether the 120 DSLs constitute a representative sample; without these specifics the headline claim of 'high degree of fragmentation' cannot be assessed for robustness versus selection artifact.

    Authors: We agree that greater detail in the Methods section would improve transparency and allow independent verification. The current manuscript outlines the overall search strategy and selection process, but we will expand it in the revision to include the exact search strings employed in each database, the complete inclusion/exclusion criteria with examples and rationale, and any additional screening details. This will directly support assessment of the sample's representativeness and the robustness of the fragmentation findings.
    Revision: yes

  2. Referee: [Results (RQ6)] Results on effectiveness (RQ6 and associated tables/figures): the synthesis of 'effectiveness' appears to rest on the presence or absence of evaluation studies in the cited papers rather than any standardized metric or meta-analysis; this weakens the recommendation to 'improve the evaluation of security DSLs' because the current state is not quantified beyond a count of papers that mention evaluation.

    Authors: The RQ6 synthesis follows standard SLR practice by systematically classifying the evaluation approaches reported across the primary studies, which provides a field-level view of evaluation maturity. Due to the substantial heterogeneity in DSLs, domains, and evaluation methods, a formal meta-analysis is not appropriate. We will revise the section to include additional quantitative breakdowns (e.g., proportions by evaluation type such as case studies versus controlled experiments) and explicitly discuss the limitations of current practices, thereby strengthening the recommendation for improved evaluation.
    Revision: partial

Circularity Check

0 steps flagged

No circularity: observational synthesis from external literature

This is a systematic literature review paper whose central claims (fragmentation of 120 DSLs, opportunities for integration, gaps in usability/evaluation) are derived by classifying and counting properties across papers retrieved from the literature. No mathematical derivations, fitted parameters, predictions, or first-principles results are present. The six research questions are answered by direct inspection of the selected DSL papers; the selection process itself is described as a standard SLR protocol and does not reduce any observation to a self-referential definition or self-citation chain. External citations supply the primary sources and are not load-bearing for any internal derivation. The paper is therefore self-contained against external benchmarks and receives the default non-circularity score.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

As a literature review the paper rests on standard SLR assumptions about search completeness and representativeness rather than new free parameters, axioms, or invented entities.

axioms (1)
  • Domain assumption: The literature search and selection process yields a representative sample of security DSLs.
    Invoked implicitly to support the claim of high fragmentation across the 120 DSLs.
