From Requirements to Code: Model Based Development of a Medical Cyber Physical System

  • Anitha Murugesan
  • Mats P. E. Heimdahl
  • Michael W. Whalen
  • Sanjai Rayadurgam
  • John Komp
  • Lian Duan
  • Baek-Gyu Kim
  • Oleg Sokolsky
  • Insup Lee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9062)


The advanced use of technology in medical devices has improved the way health care is delivered to patients. Unfortunately, the increased complexity of modern medical devices poses challenges for development, assurance, and regulatory approval. In an effort to improve the safety of advanced medical devices, organizations such as FDA have supported exploration of techniques to aid in the development and regulatory approval of such systems. In an ongoing research project, our aim is to provide effective development techniques and exemplars of system development artifacts that demonstrate state of the art development techniques.

In this paper we present an end-to-end model-based approach to medical device software development along with the artifacts created in the process. While outlining the approach, we also describe our experiences, challenges, and lessons learned in the process of formulating and analyzing the requirements, modeling the system, formally verifying the models, generating code, and executing the generated code in the hardware for generic patient controlled analgesic infusion pump (GPCA). We believe that the development artifacts and techniques presented in this paper could serve as a generic reference to be used by researchers, practitioners, and authorities while developing and evaluating cyber physical medical devices.


  1. 1.
    Behrmann, G., David, A., Larsen, K.G.: A tutorial on Uppaal. In: Bernardo, M., Corradini, F. (eds.) SFM-RT 2004. LNCS, vol. 3185, pp. 200–236. Springer, Heidelberg (2004). doi:10.1007/978-3-540-30080-9_7 CrossRefGoogle Scholar
  2. 2.
    Cofer, D., Gacek, A., Miller, S., Whalen, M.W., LaValley, B., Sha, L.: Compositional verification of architectural models. In: Goodloe, A.E., Person, S. (eds.) NFM 2012. LNCS, vol. 7226, pp. 126–140. Springer, Heidelberg (2012). doi:10.1007/978-3-642-28891-3_13 CrossRefGoogle Scholar
  3. 3.
    FDA. White Paper: Infusion Pump Improvement Initiative, April 2010Google Scholar
  4. 4.
    Gunter, C.A., Gunter, E.L., Jackson, M., Zave, P.: A reference model for requirements and specifications. IEEE Software 17(3), 37–43 (2000)CrossRefGoogle Scholar
  5. 5.
    Hammond, J., Rawlings, R., Hall, A.: Will it work? [requirements engineering]. In: Fifth IEEE International Symposium on Requirements Engineering, Proceedings, pp. 102–109 (2001)Google Scholar
  6. 6.
    Heimdahl, M.P.E., Duan, L., Murugesan, A., Rayadurgam, S.: Modeling and requirements on the physical side of cyber-physical systems. In: Second International Workshop on the Twin Peaks of Requirements and Architecture, May 2013Google Scholar
  7. 7.
    Heimdahl, M.P.E., Rayadurgam, S., Visser, W., Devaraj, G., Gao, J.: Auto-generating test sequences using model checkers: a case study. In: 3rd International Workshop on Formal Approaches to Testing of Software (FATES 2003) (2003)Google Scholar
  8. 8.
    Joshi, A., Miller, S.P., Heimdahl, M.P.E.: Mode confusion analysis of a flight guidance system using formal methods. In: Proceedings of 22nd Digital Avionics Systems Conference (DASC 2003), vol. 1, p. 2-D. IEEE (2003)Google Scholar
  9. 9.
    Kim, B.G., Ayoub, A., Sokolsky, O., Lee, I., Jones, P., Zhang, Y., Jetley, R.: Safety-assured development of the GPCA infusion pump software. In: Proceedings of the International Conference on Embedded Software (EMSOFT), pp. 155–164, October 2011Google Scholar
  10. 10.
    Knight, J.C.: Safety critical systems: challenges and directions. In: Proceedings of the 24th International Conference on Software Engineering, pp. 547–550. IEEE (2002)Google Scholar
  11. 11.
    Leveson, N., Pinnel, L.D., Sandys, S.D., Koga, S., Reese, J.D.: Analyzing software specifications for mode confusion potential. In: Proceedings of a Workshop on Human Error and System Development, pp. 132–146 (1997)Google Scholar
  12. 12.
    MathWorks Inc. Products.
  13. 13.
    McMillan, K.L.: Circular compositional reasoning about liveness. Technical report 1999–02, Cadence Berkeley Labs, Berkeley, CA 94704 (1999)Google Scholar
  14. 14.
    Miller, S.P., Tribble, A.C., Whalen, M.W., Heimdahl, M.P.E.: Proving the shalls: early validation of requirements through formal methods. Int. J. Softw. Tools Technol. Transf. 8(4), 303–319 (2006)CrossRefGoogle Scholar
  15. 15.
    Miller, S.P., Whalen, M.W., Cofer, D.D.: Software model checking takes off. Commun. ACM 53(2), 58–64 (2010)CrossRefGoogle Scholar
  16. 16.
    Murugesan, A., Rayadurgam, S., Heimdahl, M.P.E.: Modes, features, and state-based modeling for clarity and flexibility. In: Fifth International Workshop on Modeling in Software Engineering, May 2013Google Scholar
  17. 17.
    Murugesan, A., Rayadurgam, S., Heimdahl, M.P.E.: Using models to address challenges in specifying requirements for medical cyber-physical systems. In: Fourth workshop on Medical Cyber-Physical Systems, April 2013Google Scholar
  18. 18.
    Murugesan, A., Sokolsky, O., Rayadurgam, S., Whalen, M., Heimdahl, M.P.E., Lee, I.: Linking abstract analysis to concrete design: a hierarchical approach to verify medical CPS safety. In: International Conference on Cyber-Physical Systems (ICCPS) 2014, April 2014Google Scholar
  19. 19.
    Murugesan, A., Whalen, M.W., Rayadurgam, S., Heimdahl, M.P.E.: Compositional verification of a medical device system. In: ACM International Conference on High Integrity Language Technology (HILT). ACM, November 2013Google Scholar
  20. 20.
    Nuseibeh, B.: Weaving together requirements and architectures. Computer 34, 115–117 (2001)CrossRefGoogle Scholar
  21. 21.
    Pajic, M., Mangharam, R., Sokolsky, O., Arney, D., Goldman, J., Lee, I.: Model-driven safety analysis of closed-loop medical systems. IEEE Trans. Ind. Inform. PP, 1–12 (2010). In early online accessGoogle Scholar
  22. 22.
    Rajan, A., Whalen, M.W., Staats, M., Deng, W., Heimdahl, M.P.E.: The effect of program and model structure on the fault finding ability of MC/DC test suites. In: Proceedings of Int’l Symposium on Software Testing and Analysis (ISSTA) (2008, submitted).
  23. 23.
  24. 24.
    Sha, L., Gopalakrishnan, S., Liu, X., Wang, Q.: Cyber-physical systems: a new frontier. In: Machine Learning in Cyber Trust, pp. 3–13. Springer, New York (2009)Google Scholar
  25. 25.
    Staats, M., Gay, G., Whalen, M.W., Heimdahl, M.P.E.: On the danger of coverage directed test case generation. In: 15th International Conference on Fundamental Approaches to Software Engineering (FASE), April 2012Google Scholar
  26. 26.
    Whalen, M., Murugesan, A., Rayadurgam, S., Heimdahl, M.: Structuring Simulink models for verification and reuse. In: Proceedings of the 6th International Workshop on Modeling in Software Engineering (2014)Google Scholar
  27. 27.
    Whalen, M.W., Gacek, A., Cofer, D., Murugesan, A., Heimdahl, M.P.E., Rayadurgam, S.: Your what is my how: iteration and hierarchy in system design. IEEE Software 30(2), 54–60 (2013)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Anitha Murugesan
    • 1
  • Mats P. E. Heimdahl
    • 1
  • Michael W. Whalen
    • 1
  • Sanjai Rayadurgam
    • 1
  • John Komp
    • 1
  • Lian Duan
    • 1
  • Baek-Gyu Kim
    • 2
  • Oleg Sokolsky
    • 2
  • Insup Lee
    • 2
  1. 1.Department of Computer Science and EngineeringUniversity of MinnesotaMinneapolisUSA
  2. 2.Department of Computer and Information ScienceUniversity of PennsylvaniaPhiladelphiaUSA

Personalised recommendations