Compositional verification of a medical device system

The advanced use of technology in medical devices has improved the way health care is delivered to patients. Unfortunately, the increased complexity of modern medical devices poses challenges for development, assurance, and regulatory approval. In an e ort to improve the safety of advanced medical devices, organizations such as FDA have supported exploration of techniques to aid in the development and regulatory approval of such systems. In an ongoing research project, our aim is to provide effective development techniques and exemplars of system development artifacts that demonstrate state of the art development techniques.In this paper we present an end-to-end model-based approach to medical device software development along with the artifacts created in the process. While outlining the approach, we also describe our experiences, challenges, and lessons learned in the process of formulating and analyzing the requirements, modeling the system, formally verifying the models, generating code, and executing the generated code in the hardware for generic patient controlled analgesic infusion pump (GPCA). We believe that the development artifacts and techniques presented in this paper could serve as a generic reference to be used by researchers, practitioners, and authorities while developing and evaluating cyber physical medical devices. Abstract. The advanced use of technology in medical devices has improved the way health care is delivered to patients. Unfortunately, the increased complexity of modern medical devices poses challenges for development, assurance, and regulatory approval. In an effort to improve the safety of advanced medical devices, organizations such as FDA have supported exploration of techniques to aid in the development and regulatory approval of such systems. In an ongoing research project, our aim is to provide effective development techniques and exemplars of system development artifacts that demonstrate state of the art development techniques. In this paper we present an end-to-end model-based approach to medical device software development along with the artifacts created in the process. While outlining the approach, we also describe our experiences, challenges, and lessons learned in the process of formulating and analyzing the requirements, modeling the system, formally verifying the models, generating code, and executing the generated code in the hardware for generic patient controlled analgesic infusion pump (GPCA). We believe that the development artifacts and techniques presented in this paper could serve as a generic reference to be used by researchers, practitioners, and authorities while developing and evaluating cyber physical medical devices.

show abstract

“…In this section, we summarize our verification strategy. A more detailed account is available in previous publications [19].…”

Section: Formal Verificationmentioning

confidence: 99%

From Requirements to Code: Model Based Development of a Medical Cyber Physical System

Murugesan

Heimdahl

Whalen

et al. 2017

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…The software component (GPCA_SW) was by far the most complicated component. Hence developing it as one monolithic component was difficult to maintain as well as its verification was not scalable [21]. Hence it was decomposed further into sub-components as shown in Figure 5.…”

Section: Gpca Software Architecturementioning

confidence: 99%

“…Once the GPCA_SW was decomposed into sub-components, it was tractable for analysis hence no further decomposition was necessary. For details of the model, we refer the reader to [21].…”

Section: Gpca Software Architecturementioning

confidence: 99%

“…These individual behavioral models allowed us to analyse and verify the behaviors in a manageable fashion. For details of the model, we refer the reader to [21].…”

Section: Behaviorial Modelingmentioning

confidence: 99%

“…In prior works [23,21], we have separately and independently described two approaches to respectively verify (i) safety properties of the closed-loop system using timed automata models in UPPAAL that included a physiological model of the patient in the loop, and (ii) critical requirements of the infusion pump control software using a compositional assume-guarantee reasoning approach on an AADL system architecture with component behaviors elaborated in Simulink/Stateflow models. A natural question then is whether these two can be combined in some meaningful way such that the particular infusion pump when used as part of closedloop system can be guaranteed to uphold critical safety properties.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Linking abstract analysis to concrete design: A hierarchical approach to verify medical CPS safety

Murugesan

Sokolsky

Rayadurgam

et al. 2014

2014 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS)

Self Cite

View full text Add to dashboard Cite

Complex cyber-physical systems are typically hierarchically organized into multiple layers of abstraction in order to manage design complexity and provide verification tractability. Formal reasoning about such systems, therefore, necessarily involves the use of multiple modeling formalisms, verification paradigms, and concomitant tools, chosen as appropriate for the level of abstraction at which the analysis is performed. System properties verified using an abstract component specification in one paradigm must then be shown to logically follow from properties verified, possibly using a different paradigm, on a more concrete component description, if one is to claim that a particular component when deployed in the overall system context would still uphold the system properties. But, as component specifications at one layer get elaborated into more concrete component descriptions in the next, abstraction induced differences come to the fore, which have to be reconciled in some meaningful way. In this paper, we present our approach for providing a logical glue to tie distinct verification paradigms and reconcile the abstraction induced differences, to verify safety properties of a medical cyber-physical system. While the specifics are particular to the case example at hand -a high-level abstraction of a safety-interlock system to stop drug infusion along with a detailed design of a generic infusion pump -we believe the techniques are broadly applicable in similar situations for verifying complex cyberphysical system properties. ABSTRACTComplex cyber-physical systems are typically hierarchically organized into multiple layers of abstraction in order to manage design complexity and provide verification tractability. Formal reasoning about such systems, therefore, necessarily involves the use of multiple modeling formalisms, verification paradigms, and concomitant tools, chosen as appropriate for the level of abstraction at which the analysis is performed. System properties verified using an abstract component specification in one paradigm must then be shown to logically follow from properties verified, possibly using a different paradigm, on a more concrete component description, if one is to claim that a particular component when deployed in the overall system context would still uphold the system properties. But, as component specifications at one layer get elaborated into more concrete component descriptions in the next, abstraction induced differences come to the fore, which have to be reconciled in some meaningful way. In this paper, we present our approach for providing a logical glue to tie distinct verification paradigms and reconcile the abstraction induced differences, to verify safety properties of a medical cyberphysical system. While the specifics are particular to the case example at hand -a high-level abstraction of a safety-interlock system to stop drug infusion along with * This work has been partially supported by NSF grants CNS-0931931 and CNS-1035715.Permission to make digital or hard co...

show abstract

A systematic literature review of the use of formal methods in medical software systems

Bonfanti

Gargantini

Mashkoor

2018

J Software Evolu Process

View full text Add to dashboard Cite

The use of formal methods is often recommended to guarantee the provision of necessary services and to assess the correctness of critical properties, such as functional safety, cybersecurity, and reliability, in medical and health care devices. In the past, several formal and rigorous methods have been proposed and consequently applied for trustworthy development of medical software and systems. In this paper, we perform a systematic literature review on the available state of the art in this domain. We collect the relevant literature on the use of formal methods for modeling, design, development, verification, and validation of software-intensive medical systems. We apply standard systematic literature review techniques and run several queries in well-known repositories to obtain information that can be useful for people who are either already working in this field or planning to start. Our study covers both quantitative and qualitative aspects of the subject. KEYWORDSformal methods, systematic literature review, medical device software INTRODUCTIONIn modern medical devices, human safety depends upon the correct operation of software controlling the device: Software malfunctioning can cause injuries to, or even the death of, patients. A crucial issue is how to guarantee that medical software has all the qualities (eg, safety, security, and dependability) expected for critical components. One way to improve and assess software quality, as suggested by literature, 1-3 is to use formal methods or in general rigorous methods for design, validation, and verification of medical software. Some processes for improvement of medical standards, based on formal approaches, have already been proposed, 4-6 although their adoption in industrial applications is rather limited.The overall aim of this paper is twofold: (1) to provide guidance to researchers starting to work on this topic and (2) to assess the state of the art that is more useful for researchers already working on this subject. We have applied a systematic literature review (SLR) process to the topic of rigorous methods for designing and validation of medical software and systems by following the guidelines presented in literature 7-9 with slight improvements such as a wider range of repositories is queried for information retrieval and the subject is covered from both quantitative and qualitative aspects. Through this analysis, we give an overview of the research literature about formal methods applications to model, to verify, and to validate medical systems. Moreover, we include processes and tools that translate models written using formal languages in machine code. We would like to underline that the SLR carried out in this work considers only formal methods applied to medical device/software. Other processes applied to medical device/software are outside of our goal (eg, code implementation, testing, 8 and hardware configuration).The goals of our SLR are (1) to gather a sufficient number of relevant articles, (2) to perform a series of analyses, and (3) to p...

show abstract

Compositional verification of a medical device system

Cited by 29 publications

References 33 publications

From Requirements to Code: Model Based Development of a Medical Cyber Physical System

From Requirements to Code: Model Based Development of a Medical Cyber Physical System

Linking abstract analysis to concrete design: A hierarchical approach to verify medical CPS safety

A systematic literature review of the use of formal methods in medical software systems

Contact Info

Product

Resources

About