Development and implementation of dependable software and hardware components becomes more and more important for safety and security critical systems. The main problem for such applications is to reduce the risk of common cause failures (CCF). CCF is coincidental failure of two or more structures, systems or components is caused by any latent deficiency from design or manufacturing, from operation or maintenance errors, and which is triggered by any event induced by natural phenomenon, plant process operation, or action caused by man or by any internal event in the instrumentation and control system [ 1-3 ].

One of the most effective solutions to the CCF problem is diversity, which makes each version of the system unique, that means the probability of occurrence of CCF is minimized [ 2 ]. Diversity is a principle in instrumentation systems of sensing different parameters, using different technologies, using different logic or algorithms, or using different actuation means to provide several ways of detecting and responding to a significant event [ 2, 3 ].

Thus, solving the same problem in different ways, for example using different programming languages or different development teams, you can avoid system failure due to one error. Since in this case the faults will be various in each version, which means that the probability of CCF is significantly reduced.

Given the importance of effective implementation of diversity, there is a need to evaluate and select the most appropriate type of diversity. However, with the development of information technology, such task becomes more and more difficult, as the question arises as to how to use diversity and how to evaluate the security of multiversion systems when using such technologies. In addition, designers are trying to apply new technologies to provide diversity. This leads to a difficult choice of the type of diversity for a particular application.

To make this choice, a clear, ordered structure is needed to narrow the search circle. There are a large number of different classifications that represent various aspects of diversity [ 2-9 ]. Despite this, over time emerges a need to update and generalize them with considering of new technologies and challenges. 1.2

Currently, there are many different classifications of diversity, each of which deals with a narrow aspect of the security of a particular system. However, such a deep detail prevents to look at the situation as a whole. Consequently, it have to combine the most well-known classifications, which cover a sufficiently large number of types of diversity.

The most representative on this topic are following works. The technical report of the diversity of critical systems in the nuclear power industry NUREG-7007 [ 2 ], which in fact got status of standard, considers the protection of both software and hardware components. At the same time, software diversity is limited to N-version programming. The paper “The Multiple Faces of Software Diversity ...” [ 4 ] structures the research devoted to software diversity. It is the most complete overview of works on software diversity, although it does not contain its exhaustive classification. In addition, there is the article describing where and when it is possible to apply diversity to protect the software “SoK: Automated Software Diversity” [ 5 ]. Besides, authors analyze automated techniques of software diversity beyond the scope of N-version programming and suggest the classification of diversity based on software life cycle. However, it is not enough to describe all types of diversity.

There is a number of works, which clarify some aspects of diversity. The monograph [ 6 ] considers diversity to assure software fault tolerance. It is a classic work on this topic, although it is somewhat outdated at the moment. The article [ 7 ] offers a model of multi-version (n, m) – version systems that details the structure of N-version programming. An extension of the classification [ 2 ] was proposed in [ 8 ].

Hence, there are a lot of classifications and applications of diversity in safety and security critical domains during last twenty years. However, there is not general classification of diversity and techniques to join different version redundancy types. 1.3

The goal of the paper is to develop the unified classification of diversity. For this, we first consider the basic principles of the construction of classifications and describe the general approach to the representation of diversity in the facet-hierarchical structure (Section 2). Next, a plan for combining classifications is disclosed and the process of building a unified classification of diversity is described (Section 3). Results of the united classification development are presented (Section 4). Last section concludes and presents future steps of research. 2 2.1

The main types of classifications are faceted, hierarchical and facet-hierarchical (FIC) [ 10 ]. The basis of the facet classifications is the emphasizing of classification features in the subject domain under consideration, which are called facets. All terms from this area attribute to a particular facet.

The hierarchical classification method consists in dividing the whole set of terms from the subject domain into groups, which are further divided into subgroups, and these in turn can be further divided. Thus, subordination is established between the classification groups, which has the form of a hierarchy.

FIC consists of taxons and classification attributes. First, a set of objects form taxons, which are divided into groups according to classification features, which in turn are arranged in a certain hierarchy. The taxons themselves are also divided into subgroups, thus forming a subordination between taxons. 2.2

Depending on the type of classification, the approach to its construction is somewhat different, but there is a general principle for constructing any classification.

First of all, the formation of a set of studied objects is occurred. Each element of which must be deterministic and should be given a semantic description. After that, the set is divided into subsets according to certain attributes, which are unique for each subset. At the same time, depending on the type of classification, subordination is established between subgroups or this is not required.

Thus, works on diversity that contain classification schemes can be analyzed. These schemes are presented in the form of FIC. After that, they have been combined into a unified classification to cover the overall picture, taking into account modern technologies.

The example of extending faceted classifications is obtaining NUREG-7007 [ 2 ] from NUREG-6303 [ 1 ] by splitting one facet (Equipment diversity) into two (Equipment manufacturer diversity and Logic processing equipment diversity), as well as changing the semantic content of the other two facets (Software diversity and human diversity). Software diversity has come to be called the logic diversity and human diversity, respectively, is called the life-cycle diversity. Thus, the main changes in these classifications are shown on figures 1 and 2 according with technique described in [ 10 ]. The example of extending of a hierarchical classification is the combination of software diversity (SoK: Automated Software Diversity and (n, m) – version systems). The idea of extending is to divide the Implementation stage into 4 stages (Requirements development, Design, Coding and debugging, Integration). Taxonomic structure is set, consisting of three elements [ 10 ]:

S {A, T, Ψ}, where A — a set of classification attributes A = {Ai}in=1, T — a set of taxons T = {ti}in=1, Ψ — relationship between elements Ai ∈ A and Ti ∈ T: i.e.: A Ψ T.

An example of the taxonomic structure is the facet classification discussed above. The main feature of which is the independent of all facets.

Since the types of diversity are not equivalent, but are subordinate to each other, it is advisable to use faceted hierarchical structure. In which the classification attributes and taxons have a hierarchical form. Thus, a hierarchical component is added to equation (1).

Facet-hierarchical structure is set, consisting of three elements [ 10 ]:

SH = {AH, TH, ΨH}, where AH = {AHi}in=1 — a set of classification attributes in hierarchical structure, TH = {... {tij...k} ...} — a set of taxons in hierarchical structure, ΔT = {ti} — subset of taxons in hierarchical structure, which appropriate to classification attribute, Ψ: ∀AIi ↔ ΔTIi ⊂ TI —relation between taxonomic classification attributes and a variety of taxons in a hierarchical structure.

The example of applying facet-hierarchical classification is construction the main part of software diversity from NUREG-7007 [ 2 ], Automated Software Diversity [ 5 ] and (n,m)- version systems [ 7 ]. The idea is to distribute the techniques of software diversity according to the stage of the life cycle to which they apply. This example can be represented as a matrix showing the relationship between attributes and taxons. The result is presented in Table 1. Then a hierarchy is built up between taxons according to their correlation. As a result, a scheme describing some types of software diversity has been obtained (see Figure 5). Further, using the described procedure, the program diversity has been supplemented. In particular, for the stages of Compilation and Linking, Updating, the techniques that are used on them have been described.

Classification attributes 1. Software diversity 1.1 Software life-cycle 1.1.1 Stages of implementation 1.2 Implementation and Installation techniques 1.2.1 Types of N-Version programming

Taxon 1 Postdistribution Installation Requirements development In-place diversification Different algorithms, logic

Taxon 2 Predistribution Loading Design N-self checking programming Different timing and/or order of execution

Executing Codding and debugging Recovery Blocks Different runtime environment

Implementation Integration N-Version programming Different functional representation

Compilation and Linking

Updating

To develop a generalized classification, the schemes described in [ 2-9 ] have been selected. After that, they have been systematized into groups: Software, Hardware, Information management system. Human diversity, which can be used for any system and consists in using different teams of designers, developers and verifiers for each version, is considered separately.

The above classifications have been combined into a unified semantic facethierarchical structure (2). Since the process of combining classifications is not fully formalized in terms of the semantic component, expert support was used. To build a unified classification, the following procedure can be used:  Presenting the selected classifications in the form of FIS;  Preparing the initial data for the united (classification attributes and taxons);  Establishing the equivalences between attributes;  Establishing the taxon equivalences for each attributes;  Clarifying the hierarchies between attributes and between taxons;  Developing the final version of the classification. 4.2

Integrated diversity classification scheme presented in the figure 6. The scheme demonstrates a facet-hierarchical representation of diversity, where the top level contains such systems as software, hardware, information management. It also includes human diversity, which can be used for any type of system.

The general principle of construction of the scheme is the life cycle of diversified systems .This is special clearly shown for software, where the techniques providing diversity have been assigned to the stage of the life cycle to which they correspond. Since the implementation stage is the most sought-after to provide protection, it was described in more detail. Then attention was paid to fundamentally different approaches to the diversity of software, such as automated and managed diversity. The main difference of them is the origin of the diversity. This use of naturally established features of software, or artificial [ 11 ] introduction of a diversity.

The diversity of hardware has been structured according to the features of its operation and the most important components such as equipment, design, functioning and signal. In particular, the diversity of equipment is divided into two groups: equipment manufacturer and equipment processing logic. The possibility of using the principle of diversity at the network level has also been described. 4.3

One of the areas in which this classification can be used is the development of applications hosted in the cloud [ 12 ]. In this case, the first thing to do is to choose at what stage of the life cycle to apply the principle of diversity. After evaluating the most acceptable stage in terms of costs and security level, it is necessary to get acquainted with the techniques which are used on it and select the appropriate one.

Further, the decision is made on what type of application will be monolithic or consisting of micro-services. In accordance with this, it is necessary to use techniques of either managed diversity or automated one. This decision will also affect whether different teams of developers, testers and others will be used.

Since the cloud provider ensures the hardware, its diversity does not apply. However, it is possible instead diversify the providers themselves or the geographical location of their servers.

Fig. 6. United classification scheme.

Currently, web-services are actively developing. Their main components are application layer, web server, apps server, operating system and database management system. Web-services can be developed using cloud computing. In this case, the application will consist of components-off-the-shelf [ 13 ]. Thus, we can use natural diversity. It is also necessary to use the principle of diversity on the network layer. Using the methodology of faceted hierarchical structures and the constructed united classification, you can choose which type of diversity to apply for cloud computing. For such systems, the classification will take the form presented in figure 7. In the article, the most representative classifications of diversity have been analyzed, selected, combined and supplemented. Examples of the construction of various taxonomic structures have been considered. Based on the complexity of describing the types of diversity, it is suggested to use the FIS apparatus for the unification and a corresponding procedure was proposed

The main feature of this classification scheme is that it combines types of diversity from different domains, takes into account new technologies that can be used in safety critical systems. In addition, it is possible to choose ways to solve the security problem by using the resulting classification. For this is necessary to select and apply diversity taking into account the characteristics of domains. An example of using classification for cloud computing was considered.

Further, the diversity classification for IoT, cloud computing, AI, web-services and other modern technologies will be detailed. To do this, it is necessary to design certain filters that will allow moving from a general classification to an individual case of diversity applied to a particular system.