Modeling fault tolerant architectures with design diversity for secure systems

Modern critical systems are facing an increasingly number of new security risks. Nowadays, the extensive use of third-party components and tools during design, and the massive outsourcing overseas of the implementation and integration of systems parts, augment the chances for the introduction of malicious system alterations along the development lifecycle. In addition, the growing dominance of monocultures in the cyberspace, comprising collections of identical interconnected computer platforms, leads to systems that are subject to the same vulnerabilities and attacks. This is especially important for cyber-physical systems, which interconnect cyberspace with computing resources and physical processes. The application of concepts and principles from design diversity to the development and operation of critical systems can help palliate these emerging security challenges. This paper defines and analyzes models of fault tolerant architectures for secure systems that rely on the use of design diversity. The models are built using minimal extensions to classical architectures according to a set of defined failure classes for secure services. A number of metrics are provided to quantify fault tolerance and performance as a function of design diversity. The architectures are analyzed with respect to the design diversity, and compared based on the undetected failure probability, the number of tolerated and detected failures, and the performance delay.