The Specification and Analysis of Use Properties of a Nuclear Control System

  • Michael D. Harrison
  • Paolo M. Masci
  • José Creissac Campos
  • Paul Curzon
Part of the Human–Computer Interaction Series book series (HCIS)


This chapter explores a layered approach to the analysis of the Nuclear Power Plant Control System described in Chap.  4. A model is specified to allow the analysis of use-centred properties based on generic templates. User interface properties include the visibility of state attributes, the clarity of the mode structure and the ease with which an action can be recovered from. Property templates are used as heuristics to ease the construction of requirements for the control system interface.


Interface Layer Interactive System Design Pattern Theorem Prove Slider Mode 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



José Creissac Campos and Michael Harrison were funded by project ref. NORTE-07-0124-FEDER-000062, co-financed by the North Portugal Regional Operational Programme (ON.2 O Novo Norte), under the National Strategic Reference Framework (NSRF), through the European Regional Development Fund (ERDF), and by national funds, through the Portuguese foundation for science and technology (FCT). Paul Curzon, Michael Harrison and Paolo Masci were funded by the CHI+MED project: Multidisciplinary Computer Human Interaction Research for the design and safe use of interactive medical devices project, UK EPSRC Grant Number EP/G059063/1.


  1. AAMI (2010) Medical devices—application of usability engineering to medical devices. Technical Report ANSI AMI IEC 62366:2007, Association for the advancement of medical instrumentation, 4301 N Fairfax Drive, Suite 301, Arlington VA 22203-1633Google Scholar
  2. Abrial JR (2010) Modeling in event-B: system and software engineering. Cambridge University PressGoogle Scholar
  3. Bolton ML, Bass EJ, Siminiceanu RI (2012) Generating phenotypical erroneous human behavior to evaluate human-automation interaction using model checking. Int J Human-Comput Stud 70:888–906CrossRefGoogle Scholar
  4. Bowen J, Reeves S (2015) Design patterns for models of interactive systems. In: 2015 24th Australasian software engineering conference (ASWEC). IEEE, pp 223–232Google Scholar
  5. Campos JC, Harrison MD (2008) Systematic analysis of control panel interfaces using formal tools. In: Graham N, Palanque P (eds) Interactive systems: design, specification and verification, DSVIS ’08. Springer, no. 5136 in Springer lecture notes in computer science, pp 72–85Google Scholar
  6. Campos JC, Harrison MD (2009) Interaction engineering using the IVY tool. In: Graham T, Gray P, Calvary G (eds) Proceedings of the ACM SIGCHI symposium on engineering interactive computing systems. ACM Press, pp 35–44Google Scholar
  7. Campos JC, Doherty G, Harrison MD (2014) Analysing interactive devices based on information resource constraints. Int J Human-Comput Stud 72:284–297CrossRefGoogle Scholar
  8. Campos JC, Sousa M, Alves MCB, Harrison MD (2016) Formal verification of a space system’s user interface with the IVY workbench. IEEE Trans Human Mach Syst 46(2):303–316CrossRefGoogle Scholar
  9. Duke DJ, Harrison MD (1993) Abstract interaction objects. Comput Graph. Forum 12(3):25–36Google Scholar
  10. Gelman G, Feigh K, Rushby J (2013) Example of a complementary use of model checking and agent-based simulation. In: 2013 IEEE international conference on, systems, man, and cybernetics (SMC), pp 900–905. doi: 10.1109/SMC.2013.158
  11. Gow J, Thimbleby H, Cairns P (2006) Automatic critiques of interface modes. In: Gilroy S, Harrison M (eds) Proceedings 12th international workshop on the design, specification and verification of interactive systems. Springer, no. 3941 in Springer lecture notes in computer science, pp 201–212Google Scholar
  12. Harrison M, Campos J, Masci P (2015a) Patterns and templates for automated verification of user interface software design in pvs. Technical report TR-1485, School of computing science, Newcastle universityGoogle Scholar
  13. Harrison M, Campos J, Masci P (2015b) Reusing models and properties in the analysis of similar interactive devices. Innovations Syst Soft Eng 11(2):95–111CrossRefGoogle Scholar
  14. Harrison M, Campos J, Ruksenas R, Curzon P (2016) Modelling information resources and their salience in medical device design. In: EICS ’16 proceedings of the 8th ACM SIGCHI symposium on engineering interactive computing systems. ACM Press, pp 194–203Google Scholar
  15. Harrison MD, Masci P, Campos JC, Curzon P (2014) Demonstrating that medical devices satisfy user related safety requirements. In: Proceedings of fourth symposium on foundations of health information engineering and systems (FHIES) and sixth software engineering in healthcare (SEHC) workshop. Springer, in pressGoogle Scholar
  16. Heitmeyer C, Kirby J, Labaw B (1998) Applying the SRC requirements method to a weapons control panel: an experience report. In: Proceedings of the second workshop on formal methods in software practice (FMSP ’98), pp 92–102Google Scholar
  17. King AL, Procter S, Andresen D, Hatcliff J, Warren S, Spees W, Jetley R, Raoul P, Jones P, Weininger S (2009) An open test bed for medical device integration and coordination. In: ICSE companion, pp 141–151Google Scholar
  18. Konrad S, Cheng BHC (2002) Requirements patterns for embedded systems. In: Proceedings of IEEE joint international conference on requirements engineering. IEEE, pp 127–136Google Scholar
  19. Larson B, Hatcliff J, Procter S, Chalin P (2012) Requirements specification for apps in medical application platforms. In: Proceedings of the 4th international workshop on software engineering in health care. IEEE Press, pp 26–32Google Scholar
  20. Lavagno L, Sangiovanni-Vincentelli A, Sentovich E (1999) Models of computation for embedded system design. In: System-level synthesis. Springer, pp 45–102Google Scholar
  21. Li T, Tan F, Wang Q, Bu L, Cao J, Liu X (2014) From offline toward real time: a hybrid systems model checking and CPS codesign approach for medical device plug-and-play collaborations. IEEE Trans Parallel Distrib Syst 25(3):642–652CrossRefGoogle Scholar
  22. Masci P, Huang H, Curzon P, Harrison MD (2012) Using PVS to investigate incidents through the lens of distributed cognition. In: Goodloe AE, Person S (eds) NASA formal methods, Lecture notes in computer science, vol 7226. Springer, Berlin, Heidelberg, pp 273–278. doi: 10.1007/978-3-642-28891-3_27
  23. Masci P, Ayoub A, Curzon P, Lee I, Sokolsky O, Thimbleby H (2013) Model-based development of the generic PCA infusion pump user interface prototype in PVS. In: Bitsch F, Guiochet J, Ka\(\hat{a}\)niche M (eds) Computer safety, reliability, and security, Springer lecture notes in computer science, vol 8153. Springer, pp 228–240Google Scholar
  24. Masci P, Zhang Y, Jones P, Curzon P, Thimbleby HW (2014) Formal verification of medical device user interfaces using PVS. In: 17th international conference on fundamental approaches to software engineering, ETAPS/FASE2014. Springer, Berlin, HeidelbergGoogle Scholar
  25. Masci P, Oladimeji P, Curzon P, Thimbleby H (2015) PVSio-web 2.0: joining PVS to human-computer interaction. In: 27th international conference on computer aided verification (CAV2015). Springer, Tool and application examples available at
  26. Nielsen J, Molich R (1990) Heuristic evaluation of user interfaces. In: Chew J, Whiteside J (eds) ACM CHI proceedings CHI ’90: empowering people, pp 249–256Google Scholar
  27. Polson PG, Lewis C, Rieman J, Wharton C (1992) Cognitive walkthroughs: a method for theory-based evaluation of user interfaces. Int J Man-Mach Stud 36(5):741–773CrossRefGoogle Scholar
  28. Shankar N, Owre S, Rushby JM, Stringer-Calvert D (1999) PVS system guide, PVS language reference, PVS prover guide, PVS prelude library, abstract datatypes in PVS, and theory interpretations in PVS. Computer science laboratory, SRI international, Menlo Park, CA.
  29. Sorouri M, Patil S, Vyatkin V (2012) Distributed control patterns for intelligent mechatronic systems. In: 2012 10th IEEE international conference on industrial informatics (INDIN). IEEE, pp 259–264Google Scholar
  30. Steiner W, Rushby J (2011) TTA and PALS: formally verified design patterns for distributed cyber-physical systems. In: 2011 IEEE/AIAA 30th digital avionics systems conference (DASC). IEEEGoogle Scholar
  31. Tan F, Wang Y, Wang Q, Bu L, Suri N (2015) A lease based hybrid design pattern for proper-temporal-embedding of wireless CPS interlocking. IEEE Trans Parallel Distrib Syst 26(10):2630–2642CrossRefGoogle Scholar
  32. Vlissides J, Helm R, Johnson R, Gamma E (1995) Design patterns: elements of reusable object-oriented software, vol 49, no 120. Addison-Wesley, Reading, p 11Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Michael D. Harrison
    • 1
  • Paolo M. Masci
    • 2
  • José Creissac Campos
    • 2
  • Paul Curzon
    • 3
  1. 1.School of Computing ScienceNewcastle UniversityNewcastle upon TyneUK
  2. 2.Dep. Informática/Universidade do Minho & HASLab/INESC TECBragaPortugal
  3. 3.EECSQueen Mary University of LondonLondonUK

Personalised recommendations