Model-Driven Safety Analysis of Closed-Loop Medical Systems

Pajić, Miroslav; Mangharam, Rahul; Sokolsky, Oleg; Arney, David; Goldman, Julian M.; Lee, Insup

doi:10.1109/tii.2012.2226594

Cited by 94 publications

(50 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Real medical devices exhibit continuous time behavior, and the ability to capture real-time behavior is critical if we want to apply our approach to real medical systems. For example, the ondemand medical systems described in [3,26,18] all rely on`timeout' behavior in the medical devices to guarantee system safety in the presence of inter-device communications failures. Additionally, many medical devices exhibit continuous behavior in terms of their interactions with the patient.…”

Section: Conclusion and Discussionmentioning

confidence: 99%

See 1 more Smart Citation

A Modal Specification Approach for On-Demand Medical Systems

King

Sokolsky

et al. 2014

Foundations of Health Information Engineering and Systems

Self Cite

View full text Add to dashboard Cite

The on-demand approach, where systems are assembled from components by lay users, has seen success in the consumer electronics industry. Currently, there is growing demand for on-demand capabilities in medical systems so caregivers can create larger medical systems from smaller medical devices. Unlike consumer electronics, medical systems pose challenges for the on-demand approach due to attributes such as device complexity, device variability and safety requirements. In this paper, we propose a formal specification language for on-demand (medical) systems. Our approach is based on the formalism of Modal I/O Automata, which allows system designers to express complex device requirements and can be used to reason about safety and liveness properties of on-demand medical systems directly from their specifications. We illustrate the applicability of our approach through a case study of a closed-loop patient controlled analgesia system. we propose a formal speci cation language for on-demand (medical) systems. Our approach is based on the formalism of Modal I/O Automata, which allows system designers to express complex device requirements and can be used to reason about safety and liveness properties of ondemand medical systems directly from their speci cations. We illustrate the applicability of our approach through a case study of a closed-loop patient controlled analgesia system.

show abstract

Section: Conclusion and Discussionmentioning

confidence: 99%

“…While PCA lets patients manage their own pain-levels e ectively [15] it also creates an opportunity for overdose. Opiod [26,19].…”

Section: Motivating Examplementioning

confidence: 99%

A Modal Specification Approach for On-Demand Medical Systems

King

Sokolsky

et al. 2014

Foundations of Health Information Engineering and Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…The closed loop system considered a highly abstract PCA pump [21] and was modeled as a timed automaton in UPPAAL [1] whereas the GPCA discussed in this paper is a detailed model of a realistic infusion pump with rich functionality captured in AGREE and Simulink/Stateflow. To demonstrate that the GPCA satisfies the closed loop real-time safety requirements, it is necessary to demonstrate that the GPCA (expressed in AGREE) satisfies the PCA requirement (captured in UPPAAL).…”

Section: Verification In Contextmentioning

confidence: 99%

From Requirements to Code: Model Based Development of a Medical Cyber Physical System

Murugesan

Heimdahl

Whalen

et al. 2017

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

The advanced use of technology in medical devices has improved the way health care is delivered to patients. Unfortunately, the increased complexity of modern medical devices poses challenges for development, assurance, and regulatory approval. In an e ort to improve the safety of advanced medical devices, organizations such as FDA have supported exploration of techniques to aid in the development and regulatory approval of such systems. In an ongoing research project, our aim is to provide effective development techniques and exemplars of system development artifacts that demonstrate state of the art development techniques.In this paper we present an end-to-end model-based approach to medical device software development along with the artifacts created in the process. While outlining the approach, we also describe our experiences, challenges, and lessons learned in the process of formulating and analyzing the requirements, modeling the system, formally verifying the models, generating code, and executing the generated code in the hardware for generic patient controlled analgesic infusion pump (GPCA). We believe that the development artifacts and techniques presented in this paper could serve as a generic reference to be used by researchers, practitioners, and authorities while developing and evaluating cyber physical medical devices. Abstract. The advanced use of technology in medical devices has improved the way health care is delivered to patients. Unfortunately, the increased complexity of modern medical devices poses challenges for development, assurance, and regulatory approval. In an effort to improve the safety of advanced medical devices, organizations such as FDA have supported exploration of techniques to aid in the development and regulatory approval of such systems. In an ongoing research project, our aim is to provide effective development techniques and exemplars of system development artifacts that demonstrate state of the art development techniques. In this paper we present an end-to-end model-based approach to medical device software development along with the artifacts created in the process. While outlining the approach, we also describe our experiences, challenges, and lessons learned in the process of formulating and analyzing the requirements, modeling the system, formally verifying the models, generating code, and executing the generated code in the hardware for generic patient controlled analgesic infusion pump (GPCA). We believe that the development artifacts and techniques presented in this paper could serve as a generic reference to be used by researchers, practitioners, and authorities while developing and evaluating cyber physical medical devices.

show abstract

“…The model also includes an automaton representing patient physiology, an automaton for the pulse oximeter, an automaton capturing the logic of the safety interface, and a network automaton. For details of the model, we refer the reader to [23].…”

Section: Closed Loop System Modelingmentioning

confidence: 99%

“…In prior works [23,21], we have separately and independently described two approaches to respectively verify (i) safety properties of the closed-loop system using timed automata models in UPPAAL that included a physiological model of the patient in the loop, and (ii) critical requirements of the infusion pump control software using a compositional assume-guarantee reasoning approach on an AADL system architecture with component behaviors elaborated in Simulink/Stateflow models. A natural question then is whether these two can be combined in some meaningful way such that the particular infusion pump when used as part of closedloop system can be guaranteed to uphold critical safety properties.…”

Section: Introductionmentioning

confidence: 99%

Linking abstract analysis to concrete design: A hierarchical approach to verify medical CPS safety

Murugesan

Sokolsky

Rayadurgam

et al. 2014

2014 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS)

Self Cite

View full text Add to dashboard Cite

Complex cyber-physical systems are typically hierarchically organized into multiple layers of abstraction in order to manage design complexity and provide verification tractability. Formal reasoning about such systems, therefore, necessarily involves the use of multiple modeling formalisms, verification paradigms, and concomitant tools, chosen as appropriate for the level of abstraction at which the analysis is performed. System properties verified using an abstract component specification in one paradigm must then be shown to logically follow from properties verified, possibly using a different paradigm, on a more concrete component description, if one is to claim that a particular component when deployed in the overall system context would still uphold the system properties. But, as component specifications at one layer get elaborated into more concrete component descriptions in the next, abstraction induced differences come to the fore, which have to be reconciled in some meaningful way. In this paper, we present our approach for providing a logical glue to tie distinct verification paradigms and reconcile the abstraction induced differences, to verify safety properties of a medical cyber-physical system. While the specifics are particular to the case example at hand -a high-level abstraction of a safety-interlock system to stop drug infusion along with a detailed design of a generic infusion pump -we believe the techniques are broadly applicable in similar situations for verifying complex cyberphysical system properties. ABSTRACTComplex cyber-physical systems are typically hierarchically organized into multiple layers of abstraction in order to manage design complexity and provide verification tractability. Formal reasoning about such systems, therefore, necessarily involves the use of multiple modeling formalisms, verification paradigms, and concomitant tools, chosen as appropriate for the level of abstraction at which the analysis is performed. System properties verified using an abstract component specification in one paradigm must then be shown to logically follow from properties verified, possibly using a different paradigm, on a more concrete component description, if one is to claim that a particular component when deployed in the overall system context would still uphold the system properties. But, as component specifications at one layer get elaborated into more concrete component descriptions in the next, abstraction induced differences come to the fore, which have to be reconciled in some meaningful way. In this paper, we present our approach for providing a logical glue to tie distinct verification paradigms and reconcile the abstraction induced differences, to verify safety properties of a medical cyberphysical system. While the specifics are particular to the case example at hand -a high-level abstraction of a safety-interlock system to stop drug infusion along with * This work has been partially supported by NSF grants CNS-0931931 and CNS-1035715.Permission to make digital or hard co...

show abstract

Model-Driven Safety Analysis of Closed-Loop Medical Systems

Cited by 94 publications

References 22 publications

A Modal Specification Approach for On-Demand Medical Systems

A Modal Specification Approach for On-Demand Medical Systems

From Requirements to Code: Model Based Development of a Medical Cyber Physical System

Linking abstract analysis to concrete design: A hierarchical approach to verify medical CPS safety

Contact Info

Product

Resources

About