On the use of design diversity in fault tolerant and secure systems: A qualitative analysis

The design and development of modern critical systems, including cyber-physical systems, is experiencing a greater reliance on the outsourcing of systems parts and the use of third-party components and tools. These issues pose new risks and threats that affect dependability in general, and security in particular. Not only the chances are higher for system designs to be faulty, yet they can be maliciously altered. In addition, the extension of monocultures, comprising networks of interconnected systems featuring similar platforms and computing resources, facilitates the spreading and gravity of attacks. Even correctly designed systems can have side behaviors leading to vulnerabilities that are exploitable by attackers. Design diversity, although proposed and used for long time, can help palliate these emerging challenges. This paper explores and analyzes design diversity from a qualitative perspective, with respect to its fault tolerance and performance properties. The paper describes core concepts of design diversity such as non-diversity and diversity points, and provides quality measurements that help gaining a better understanding of how design diversity can impact the development of fault tolerant and secure systems.