Multi Variant eXecution (MVX) is a security defense technique that uses software diversity to protect system from attacks. MVX improves security capability by enhancing system endogenous security compared to traditional passive defense techniques. However, the current MVX technique lacks formal theoretical analysis and cannot effectively assess the overall security of the system. To address the constraint relationship between complex attack means and dynamic defense environment, we construct a novel atomic combination attack chain model, which decomposes macro attack means into single atomic attack behaviors and provides theoretical support for analyzing the security capability of dynamic systems. Then, the defense model of the MVX system is established, and the defense model’s security capability is analyzed using the attack model. Finally, the advantages and shortcomings of the security defense capability of the MVX system are evaluated based on a typical kernel attack example, and system optimization improvement measures are proposed.