IEEE 11073 20101 Application Profile – Association Control Function
Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207...
Transcript of Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207...
![Page 1: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/1.jpg)
Runtime Verification forInterconnected Medical Devices
Martin Leucker Malte Schmitz Danilo à Tellinghusenleucker,schmitz,[email protected]
Institute for Software Engineering and Programming Languages,University of Lübeck, Germany
7th International Symposium on Leveraging Applications ofFormal Methods, Verification and Validation
![Page 2: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/2.jpg)
Outline
1. Interconnection of Medical Devices
2. Runtime Verification for Medical Devices
3. Device ModelerRisk Analysis through Contract Enforcement
4. Swiss Army KnifeInterconnection Debugging Tool
Leucker, Schmitz, Tellinghusen ISoLA 2016 2
![Page 3: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/3.jpg)
Operation Room 1956
Leucker, Schmitz, Tellinghusen ISoLA 2016 3
![Page 4: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/4.jpg)
Operation Room 2016
Leucker, Schmitz, Tellinghusen ISoLA 2016 4
![Page 5: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/5.jpg)
Safe Interconnection of Medical Devices
Upcoming IEEE 11073-SDC standardI Interconnect medical devices
in the operation room.
I Dynamic interconnection of devicesfrom different manufacturers.
I Devices announce themselves in networkwith an interface description.
Leucker, Schmitz, Tellinghusen ISoLA 2016 5
![Page 6: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/6.jpg)
IEEE 11073-SDC
Open Surgical Communication Protocol (OSCP)
Source: Martin Kasparick, Stefan Schlichting, Frank Golatowski, Dirk Timmermann:New IEEE 11073 standards for interoperable, networked point-of-care Medical Devices. EMBC 2015
Leucker, Schmitz, Tellinghusen ISoLA 2016 6
![Page 7: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/7.jpg)
IEEE 11073-10207
Semantic Interoperable Domain Information & Service Model
Source: Martin Kasparick, Stefan Schlichting, Frank Golatowski, Dirk Timmermann:New IEEE 11073 standards for interoperable, networked point-of-care Medical Devices. EMBC 2015
Leucker, Schmitz, Tellinghusen ISoLA 2016 7
![Page 8: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/8.jpg)
§
Risk Analysis
: Contract Enforcement
I European Medical Device Directive demandsexecution of risk management.
I How to do risk management fordynamic interconnection?
Embedded monitors check at runtime thatI the device itself andI other devices controlling it
satisfy the interface description.
Leucker, Schmitz, Tellinghusen ISoLA 2016 8
![Page 9: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/9.jpg)
§
Risk Analysis: Contract Enforcement
I European Medical Device Directive demandsexecution of risk management.
I How to do risk management fordynamic interconnection?
Embedded monitors check at runtime thatI the device itself andI other devices controlling it
satisfy the interface description.
Leucker, Schmitz, Tellinghusen ISoLA 2016 8
![Page 10: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/10.jpg)
Our Tools
Leucker, Schmitz, Tellinghusen ISoLA 2016 9
![Page 11: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/11.jpg)
Our Tools
Device Modeler
I Model the device containment treeincluding constraints for metrics
I Generate network interface codeincluding runtime monitors
Swiss Army Knife
I Debug devices in networkand manipulate them through SCO
I Specify constraints for metricsand execute monitors checking those
Leucker, Schmitz, Tellinghusen ISoLA 2016 10
![Page 12: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/12.jpg)
Specifying Temporal Properties
I Specify temporal behavior of metric’sobserved value, invocation state, . . .
I Smart Assertion Logic for Temporal Logic(SALT, Bauer, Leucker, Streit 2006) . . .
I Impartial Anticipation using LTL3 Semantics(Bauer, Leucker, Schallhart 2011)
Example
assert "brightness.value < 70"until "readiness_state.value = 'READY'"
Leucker, Schmitz, Tellinghusen ISoLA 2016 11
![Page 13: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/13.jpg)
OSCP Device Modeler Workbench
Leucker, Schmitz, Tellinghusen ISoLA 2016 12
![Page 14: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/14.jpg)
OSCP Device Modeler Workbench
Leucker, Schmitz, Tellinghusen ISoLA 2016 12
![Page 15: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/15.jpg)
OSCP Device Modeler
Leucker, Schmitz, Tellinghusen ISoLA 2016 13
![Page 16: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/16.jpg)
OSCP Device Architecture
Leucker, Schmitz, Tellinghusen ISoLA 2016 14
![Page 17: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/17.jpg)
OSCP Device Monitoring
Leucker, Schmitz, Tellinghusen ISoLA 2016 15
![Page 18: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/18.jpg)
OSCP Device Monitoring
Leucker, Schmitz, Tellinghusen ISoLA 2016 16
![Page 19: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/19.jpg)
OSCP Device Monitoring
Leucker, Schmitz, Tellinghusen ISoLA 2016 17
![Page 20: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/20.jpg)
OSCP Swiss Army Knife
Leucker, Schmitz, Tellinghusen ISoLA 2016 18
![Page 21: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/21.jpg)
OSCP Swiss Army Knife
I Discover all active devices in network
I Show interface description
I Show current values
I Allow manipulation through service model
I Allow attachment of monitors
Leucker, Schmitz, Tellinghusen ISoLA 2016 19
![Page 22: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/22.jpg)
Monitor Injection in Swiss Army Knife
OSCLib
Network
Entry
GUI
Value Monitor MonitorGUI
invoke command
observe update
register callback update
Leucker, Schmitz, Tellinghusen ISoLA 2016 20
![Page 23: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/23.jpg)
Demo
DemoLeucker, Schmitz, Tellinghusen ISoLA 2016 21
![Page 24: Runtime Verification for [3pt] Interconnected Medical Devices · 2016. 12. 2. · IEEE 11073-10207 Semantic Interoperable Domain Information & Service Model Source: Martin Kasparick,](https://reader035.fdocuments.us/reader035/viewer/2022071214/6042e6dd66c09c42cb60921b/html5/thumbnails/24.jpg)
Conclusion
I IEEE 11073-SDC is upcoming standard for interconnection ofmedical point-of-care devices.
I Devices announce their interface to the local network.I Monitors can be attached to devices’ metrics.I Monitors enforce own device and remote controlling device
to satisfy the interface description.I Swiss Army Knife discovers devices.I Swiss Army Knife manipulates devices’ states.
Leucker, Schmitz, Tellinghusen ISoLA 2016 22