Available at http://www.ijcsonline.com/
Dept. of CSE, Indo American Institutions Technical Campus, Sankaram, Anakapalle Visakhapatnam, India
Abstract
Software for a Medical Cyber-Physical System (MCPS) must deal with the hazards identified by safety analysis so that the system is secure, risk-free and fail-safe. Computer-based bio-electronic systems are used to replace damaged human organs: the bionic ear for hearing loss, the bionic eye for loss of sight, the deep brain stimulator for disorders of the mind, and the bionic arm for arm prostheses. The aim of this paper is to investigate a system-based design approach to modeling software safety in MCPS and to reduce the probability of unsafe system states through a variety of management, organizational and technical measures. There is currently no formal methodology to test and verify the correct operation of medical device software within the closed-loop context of the patient. To address this problem, we use three analysis methods, Failure Modes and Effects Analysis (FMEA), Fault Tree Analysis (FTA) and System-Theoretic Process Analysis (STPA), to identify potentially hazardous software faults and to develop software safety for Control Software for Clinical Programming (CSCP) as medical device software; we also discuss the safety properties of clinical programming software. The Systems-Theoretic Accident Model and Processes (STAMP) is used to find the hazards and to guide the control structure that constrains them. We applied the analysis methods to the CPS and propose an approach for software safety in safety-critical medical cyber-physical systems. The approach was applied to the CSCP of a cochlear implant system (CIS). Developing a cyber-physical system with this approach provides enhanced safety for its software. Finally, we describe the implementation of all modules of the CSCP software. A custom-built Database Application (DA) for the medical development of the bionic ear was developed in the Visual Studio environment using an MS-Access database. In this paper, STAMP is presented in the MCPS hazard-analysis process through a case-study example. We examine the CSCP of the CIS and use a system-theoretic approach that takes both physical and cyber components into account to deal with the potential hazards in the system. We show how such a strategy is capable of identifying software hazards in MCPS and provides practical new requirements and design decisions that MCPS designers can use in building a safe MCPS.
Keywords: Medical Cyber-Physical System, software safety, closed-loop system, Control Software for Clinical Programming, Cochlear Implant System.
I. INTRODUCTION
158 | International Journal of Computer Systems, ISSN-(2394-1065), Vol. 03, Issue 02, February, 2016
B. Umamaheswararao et al
STAMP MODEL
Table: Hazards (H1 to H16), safety constraints (SC) and safety requirements (SR). Only fragments of the rows survive extraction: H8, identifying an incorrect impedance module; and the words "electrode", "required" and "failure" from another row.
For the purposes of the case study, the hazard analysed is H1: the system reports erroneous patient results to the medical staff. This is the hazard that led to the medical casualty and to the subsequent accident in the case.
C.
D. Identify Unsafe Control Actions
Table: Unsafe control actions (UCA) of the CSCP. Each cell gives the severity and the effect; "Not a hazard (N/A)" marks a cell in which the guide word produces no hazard.

Control action | Required action not provided | Unsafe action provided | Incorrect timing/order (too early, too late, too soon, too long) | Control action stops too early
Patient status signal | Catastrophic: wrong patient information determination | Catastrophic: wrong patient information determination | Catastrophic: wrong patient information determination; the system hangs and the acknowledgement time is exceeded | Not a hazard (N/A)
CSCP DSPS: command normal | Catastrophic: wrong determination of patient information, PL values and filter coefficients | Catastrophic: incorrect values are gathered | Catastrophic: wrong patient information determination; the system hangs and the acknowledgement time is exceeded | Not a hazard (N/A)
CSCP: provide impedance values | Catastrophic: wrong patient information and impedance values determination | Not a hazard (N/A); must be done before opening the system and after isolating ITMS | Catastrophic: incorrect values are gathered | Not a hazard (N/A)
Volume release | High system volume | Not a hazard (N/A) | Catastrophic: network dropout | Too high volume in the system
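The UCA table above classifies each CSCP control action under the four STPA guide words (not provided, provided unsafely, wrong timing or order, stopped too soon); STPA then obtains a safety constraint for each hazardous cell by negating the unsafe control action. The following Python block is an added example and is not code from the paper or from the CSCP implementation it describes. It encodes the recovered table as data, enumerates the hazardous cells, derives the constraints by negation, and sketches a hypothetical controller guard that enforces the order rule for the impedance measurement (only after ITMS is isolated and before the system is opened) and bounds the volume release. The control-action names and cell contents come from the table; the `CscpController` class, its method names, the volume limit and the non-positive-reading check are assumptions made for illustration.

```python
"""STPA unsafe control actions (UCAs) for the CSCP, with safety constraints
derived by negation and a hypothetical guard for the timing/order rules.
Added example, not the paper's code. Table contents follow the paper's UCA
table; the controller class, its methods and its limits are assumptions."""

from dataclasses import dataclass

# STPA's four ways a control action can be unsafe.
UCA_TYPES = ("not_provided", "provided_unsafely", "wrong_timing", "stopped_too_soon")

# Constructed from the paper's UCA table: action -> UCA type -> (severity, effect).
# Severity "none" with an empty effect encodes a cell marked "Not a hazard (N/A)".
UCA_TABLE = {
    "patient status signal": {
        "not_provided":      ("catastrophic", "wrong patient information determination"),
        "provided_unsafely": ("catastrophic", "wrong patient information determination"),
        "wrong_timing":      ("catastrophic", "wrong patient information determination; "
                                              "system hangs past acknowledgement time"),
        "stopped_too_soon":  ("none", ""),
    },
    "DSPS command normal": {
        "not_provided":      ("catastrophic", "wrong determination of patient information, "
                                              "PL values and filter coefficients"),
        "provided_unsafely": ("catastrophic", "incorrect values are gathered"),
        "wrong_timing":      ("catastrophic", "wrong patient information determination; "
                                              "system hangs past acknowledgement time"),
        "stopped_too_soon":  ("none", ""),
    },
    "provide impedance values": {
        "not_provided":      ("catastrophic", "wrong patient information and impedance "
                                              "values determination"),
        "provided_unsafely": ("none", ""),
        "wrong_timing":      ("catastrophic", "incorrect values are gathered"),
        "stopped_too_soon":  ("none", ""),
    },
    "volume release": {
        "not_provided":      ("high", "high system volume"),
        "provided_unsafely": ("none", ""),
        "wrong_timing":      ("catastrophic", "network dropout"),
        "stopped_too_soon":  ("high", "too high volume in the system"),
    },
}

# Negating each UCA type gives the wording of the corresponding safety constraint.
NEGATION = {
    "not_provided":      "must be provided",
    "provided_unsafely": "must not be provided in an unsafe context",
    "wrong_timing":      "must be provided at the right time and in the right order",
    "stopped_too_soon":  "must not be stopped before it completes",
}


@dataclass(frozen=True)
class UCA:
    control_action: str
    uca_type: str
    severity: str
    effect: str

    def safety_constraint(self) -> str:
        return (f"CSCP: '{self.control_action}' {NEGATION[self.uca_type]} "
                f"(prevents {self.severity}: {self.effect})")


def enumerate_ucas(table=UCA_TABLE):
    """Walk every cell (N/A cells included, so no guide word is skipped silently)
    and return the hazardous ones as UCA records, in table order."""
    ucas = []
    for action, cells in table.items():
        for uca_type in UCA_TYPES:
            severity, effect = cells[uca_type]
            if severity != "none":
                ucas.append(UCA(action, uca_type, severity, effect))
    return ucas


def derive_safety_constraints(table=UCA_TABLE):
    return [u.safety_constraint() for u in enumerate_ucas(table)]


class CscpController:
    """Hypothetical guard (an assumption, not the paper's design) enforcing the
    table's order rule: impedance values are taken only after ITMS is isolated
    and before the system is opened; the volume release is bounded."""

    def __init__(self, max_volume=10):
        self.itms_isolated = False
        self.system_open = False
        self.max_volume = max_volume   # assumed limit, in arbitrary units

    def isolate_itms(self):
        self.itms_isolated = True

    def open_system(self):
        self.system_open = True

    def provide_impedance_values(self, measure):
        """measure() stands in for the hardware read; returns (values, status)."""
        if not self.itms_isolated:
            return None, "refused: ITMS not isolated (wrong order)"
        if self.system_open:
            return None, "refused: system already open (too late)"
        values = list(measure())
        # Assumed plausibility check: a missing or non-positive reading is treated
        # as an incorrect impedance value instead of being passed to the clinician.
        if not values or any(v <= 0 for v in values):
            return None, "refused: incorrect impedance reading"
        return values, "ok"

    def release_volume(self, requested):
        """Clamp the requested level so a release that runs too long, or is
        stopped too soon, can never leave the system above max_volume."""
        return min(max(int(requested), 0), self.max_volume)


if __name__ == "__main__":
    for line in derive_safety_constraints():
        print(line)
```

Running the block prints one constraint per hazardous cell; the N/A cells are visited but produce no constraint, which is the check a reviewer wants when confirming that every guide word was considered for every control action.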
to initiate impedance
VI. RESULT DISCUSSION