Assurance Cases in Model-Driven Development of the Pacemaker Software

  • Eunkyoung Jee
  • Insup Lee
  • Oleg Sokolsky
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6416)


We discuss the construction of an assurance case for the pacemaker software. The software is developed following a model-based technique that combines formal modeling of the system, systematic code generation from the formal model, and measurement of the timing behavior of the implementation. We show how the structure of the assurance case reflects our development approach.


Keywords: assurance case; pacemaker challenge; model-driven development; real-time software





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Eunkyoung Jee (1)
  • Insup Lee (1)
  • Oleg Sokolsky (1)

  1. PRECISE Center, Department of Computer and Information Science, University of Pennsylvania, Philadelphia, USA
