Systems-Theoretic Safety Assessment of Robotic Telesurgical Systems

  • Homa Alemzadeh
  • Daniel Chen
  • Andrew Lewis
  • Zbigniew Kalbarczyk
  • Jaishankar Raman
  • Nancy Leveson
  • Ravishankar Iyer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9337)

Abstract

Robotic surgical systems are among the most complex medical cyber-physical systems on the market. Despite significant improvements in the design of these systems over the years, safety incidents that negatively impact patients during procedures continue to occur. This paper presents an approach for systems-theoretic safety assessment of robotic telesurgical systems using software-implemented fault injection. We used a systems-theoretic hazard analysis technique (STPA) to identify potential safety hazard scenarios and their contributing causes in RAVEN II, an open-source telerobotic surgical platform. We integrated the robot control software with a software-implemented fault injection engine that measures the resilience of the system to the identified hazard scenarios by automatically inserting faults into different parts of the software. Representative hazard scenarios from real robotic surgery incidents reported to the U.S. Food and Drug Administration (FDA) MAUDE database were used to demonstrate the feasibility of the proposed approach for safety-based design of robotic telesurgical systems.


Keywords: Hazard analysis; System safety; STAMP; STPA; Fault injection; Robotic surgery; Telerobotics; FDA MAUDE database


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Homa Alemzadeh (1)
  • Daniel Chen (1)
  • Andrew Lewis (2)
  • Zbigniew Kalbarczyk (1)
  • Jaishankar Raman (3)
  • Nancy Leveson (4)
  • Ravishankar Iyer (1)
  1. University of Illinois at Urbana-Champaign, Urbana, USA
  2. Applied Dexterity, Seattle, USA
  3. Rush University Medical Center, Chicago, USA
  4. Massachusetts Institute of Technology, Cambridge, USA