Diversity and System Security: A Game Theoretic Perspective

It has been argued that systems that are comprised of similar components (i.e., a monoculture) are more prone to attacks than a system that exhibits diversity. But it is not currently clear how much diversity is needed and how to leverage the underlying diversity in the design space. Here we attempt to study these issues using a Game Theoretic model comprised of multiple systems and an attacker. The model illustrates how the concept of the Nash Equilibrium provides a theoretical framework for designing strategic security solutions and how the mixed strategy solution space provides a conceptual basis for defining optimal randomization techniques that can exploit the underlying diversity. The paper also studies how strategic behavior influences the diversity and vulnerability of an overall system. Simulation results provide further insights into the effectiveness of our solution approach and the dynamics of strategic interaction in the context of system security.