Abstract
We present a formal verification approach for detecting design issues related to user interaction, with a focus on the user interfaces of medical devices. The approach makes novel use of the configuration diagrams proposed by Rushby to formally verify important human factors properties of a user interface implementation. In particular, it first translates the software implementation of the user interface into an equivalent formal specification, from which a behavioral model is constructed using theorem proving; human factors properties are then verified against the behavioral model; lastly, a comprehensive set of test inputs is produced by exploring the behavioral model, which can be used to challenge the real interface implementation and to confirm that the issues detected in the behavioral model do apply to the implementation.
We have prototyped the approach on the PVS proof system and applied it to analyze the user interface of a real medical device. The analysis detected several interaction design issues in the device that could potentially lead to severe consequences.
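The abstract describes the last two steps of the pipeline only in outline: exploring the behavioral model for human factors issues and deriving test inputs that replay those issues on the real device. The following Python is an added illustration of those two steps and is not code from the paper or from its PVS-based toolchain; the PVS translation and theorem-proving steps are not reproduced. The two-mode number-entry model, its key set and its display function are constructed for this example, and the property checked (two states the display does not distinguish but that react differently to the same key, in the spirit of Rushby's mode confusion work cited below) is an illustrative property, not necessarily one the paper verifies.

```python
"""Added illustration (not the paper's code): explore a constructed UI model,
flag display-indistinguishable states that behave differently, and derive key
sequences that expose the difference when replayed on a real implementation."""
from collections import deque
from dataclasses import dataclass
from itertools import combinations

KEYS = ("UP", "DOWN", "OK")
MAX_VALUE = 3          # constructed: a tiny value range keeps the state space small


@dataclass(frozen=True)
class State:
    mode: str          # "edit" (value adjustable) or "confirm" (awaiting OK)
    value: int


INITIAL = State("edit", 0)


def step(s: State, key: str) -> State:
    """Constructed transition function of a two-mode number-entry field."""
    if s.mode == "edit":
        if key == "UP":
            return State("edit", min(s.value + 1, MAX_VALUE))   # saturates at MAX_VALUE
        if key == "DOWN":
            return State("edit", max(s.value - 1, 0))           # saturates at 0
        return State("confirm", s.value)                        # OK: ask for confirmation
    # In "confirm", OK commits and UP/DOWN cancel; either way the field returns
    # to "edit" with the value unchanged.
    return State("edit", s.value)


def display(s: State) -> str:
    """What the user sees. Deliberately omits the mode: the seed of the confusion."""
    return f"{s.value:02d}"


def run(s: State, keys) -> State:
    """Replay a key sequence from state s."""
    for k in keys:
        s = step(s, k)
    return s


def explore(initial: State = INITIAL) -> dict:
    """BFS over the model; maps each reachable state to a shortest key sequence reaching it."""
    trace = {initial: ()}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        for k in KEYS:
            t = step(s, k)
            if t not in trace:
                trace[t] = trace[s] + (k,)
                queue.append(t)
    return trace


def observational_classes(states) -> dict:
    """Partition refinement: coarsest partition in which states of one class show the
    same display and every key leads from them to the same class (display-level
    bisimulation). Refinement only splits classes, so an unchanged count means stable."""
    block = {s: display(s) for s in states}
    while True:
        sig = {s: (block[s], tuple(block[step(s, k)] for k in KEYS)) for s in states}
        ids = {v: i for i, v in enumerate(sorted(set(sig.values())))}
        new_block = {s: ids[sig[s]] for s in states}
        if len(set(new_block.values())) == len(set(block.values())):
            return new_block
        block = new_block


def distinguishing_sequence(a: State, b: State, limit: int = 16):
    """Shortest key sequence after which a and b show different displays, or None.
    Runs the two states in lock-step so saturation (UP at MAX_VALUE) is handled:
    a key that changes neither display is skipped in favour of one that does."""
    seen = {(a, b)}
    queue = deque([(a, b, ())])
    while queue:
        x, y, seq = queue.popleft()
        if display(x) != display(y):
            return seq
        if len(seq) >= limit:
            continue
        for k in KEYS:
            nx, ny = step(x, k), step(y, k)
            if (nx, ny) not in seen:
                seen.add((nx, ny))
                queue.append((nx, ny, seq + (k,)))
    return None


def mode_confusions(initial: State = INITIAL) -> list:
    """Pairs of reachable states the user cannot tell apart but that behave differently,
    each with two concrete key sequences and the display the model predicts for them.
    Replaying both on the real device and comparing displays checks that the issue
    found in the model is present in the implementation."""
    trace = explore(initial)
    cls = observational_classes(trace.keys())
    findings = []
    for a, b in combinations(sorted(trace, key=lambda s: (s.value, s.mode)), 2):
        if display(a) == display(b) and cls[a] != cls[b]:
            suffix = distinguishing_sequence(a, b, limit=len(trace))
            findings.append({
                "states": (a, b),
                "display": display(a),
                "tests": [(trace[a] + suffix, display(run(initial, trace[a] + suffix))),
                          (trace[b] + suffix, display(run(initial, trace[b] + suffix)))],
            })
    return findings


if __name__ == "__main__":
    for f in mode_confusions():
        print(f["display"], f["states"], f["tests"])
```

Each finding carries two key sequences that start from the initial state, pass through the two confusable states and end where the displays diverge; the pair is the test input to replay against the implementation, with the model's predicted display as the oracle. The partition refinement matters for the OK key: pressing OK in "edit" and in "confirm" leaves the display unchanged in both cases, so a one-step comparison of displays would miss the difference, while the refinement still separates the two states because their successors diverge.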
The rights of this work are transferred to the extent transferable according to title 17 U.S.C. 105.
References
AAMI Medical Device Software Committee. Medical device software risk management. AAMI Tech. Rep. TIR32:2004 (2004)
Ball, T., Cook, B., Das, S., Rajamani, S.K.: Refining approximations in software predicate abstraction. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 388–403. Springer, Heidelberg (2004)
Bolton, M.L., Bass, E.J.: Formally verifying human-automation interaction as part of a system model: Limitations and tradeoffs. Innovations in Systems and Software Engineering 6(3), 219–231 (2010)
Campos, J.C., Harrison, M.D.: Modelling and analysing the interactive behaviour of an infusion pump. Electronic Communications of the EASST (2011)
Cauchi, A., Gimblett, A., Thimbleby, H., Curzon, P., Masci, P.: Safer 5-key number entry user interfaces using differential formal analysis. In: BCS-HCI (2012)
Center for Devices and Radiological Health, US Food and Drug Administration. White Paper: Infusion Pump Improvement Initiative (2010)
Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 154–169. Springer, Heidelberg (2000)
Dwyer, M.B., Tkachuk, O., Visser, W., et al.: Analyzing interaction orderings with model checking. In: ASE 2004, pp. 154–163. IEEE Computer Society (2004)
Gelman, G.E., Feigh, K.M., Rushby, J.: Example of a complementary use of model checking and agent-based simulation. In: SMC 2013. IEEE (2013)
Ginsburg, G.: Human factors engineering: A tool for medical device evaluation in hospital procurement decision-making. Journal of Biomedical Informatics 38(3) (2005)
Harrison, M.D., Campos, J.C., Masci, P.: Reusing models and properties in the analysis of similar interactive devices. Innovations in Systems and Software Engineering, 1–17 (2013)
Harrison, M.D., Masci, P., Campos, J.C., Curzon, P.: Automated theorem proving for the systematic analysis of interactive systems. In: FMIS 2013 (2013)
Jetley, R., Purushothaman Iyer, S., Jones, P.L.: A formal methods approach to medical device review. Computer 39(4), 61–67 (2006)
Masci, P., Curzon, P., Harrison, M.D., Ayoub, A., Lee, I., Thimbleby, H.: Verification of interactive software for medical devices: PCA infusion pumps and FDA regulation as an example. In: EICS 2013. ACM Digital Library (2013)
Masci, P., Rukšėnas, R., Oladimeji, P., Cauchi, A., Gimblett, A., Li, Y., Curzon, P., Thimbleby, H.: On formalising interactive number entry on infusion pumps. Electronic Communications of the EASST 45 (2011)
Masci, P., Rukšėnas, R., Oladimeji, P., Cauchi, A., Gimblett, A., Li, Y., Curzon, P., Thimbleby, H.: The benefits of formalising design guidelines: a case study on the predictability of drug infusion pumps. Innovations in Systems and Software Engineering, 1–21 (2013)
Masci, P., Zhang, Y., Curzon, P., Harrison, M.D., Jones, P., Thimbleby, H.: Verification of software for medical devices in PVS. CHI+MED Tech. Rep. (2013), http://www.chi-med.ac.uk/researchers/bibdetail.php?docID=656
Munoz, C.: Rapid prototyping in PVS. National Institute of Aerospace, Hampton, VA, USA, Tech. Rep. NIA, 3 (2003)
Oladimeji, P., Masci, P., Curzon, P., Thimbleby, H.: PVSio-web: A tool for rapid prototyping device user interfaces in PVS. In: FMIS 2013 (2013)
Owre, S., Rajan, S., Rushby, J., Shankar, N., Srivas, M.: PVS: Combining specification, proof checking, and model checking. In: Alur, R., Henzinger, T.A. (eds.) CAV 1996. LNCS, vol. 1102, pp. 411–414. Springer, Heidelberg (1996)
Rukšėnas, R., Curzon, P., Blandford, A.E., Back, J.: Combining human error verification and timing analysis: A case study on an infusion pump. Formal Aspects of Computing (2013) (in press)
Rukšėnas, R., Masci, P., Harrison, M.D., Curzon, P.: Developing and verifying user interface requirements for infusion pumps: A refinement approach. In: FMIS 2013 (2013)
Rushby, J.: Verification diagrams revisited: Disjunctive invariants for easy verification. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 508–520. Springer, Heidelberg (2000)
Rushby, J.: Using model checking to help discover mode confusions and other automation surprises. Reliability Engineering & System Safety 75(2), 167–177 (2002)
Shankar, N., Owre, S.: Principles and pragmatics of subtyping in PVS. In: Bert, D., Choppy, C., Mosses, P.D. (eds.) WADT 1999. LNCS, vol. 1827, pp. 37–52. Springer, Heidelberg (2000)
Shankar, N., Owre, S., Rushby, J., Stringer-Calvert, D.: PVS prover guide. Computer Science Laboratory, vol. 1, pp. 11–12. SRI International, Menlo Park (2001)
Story, M.F.: The FDA perspective on human factors in medical device software Development. In: IQPC Software Design for Medical Devices Europe (2012)
Thimbleby, H.: Press On: Principles of Interaction Programming. MIT Press (2007)
Thimbleby, H., Cairns, P.: Reducing number entry errors: solving a widespread, serious problem. Journal of the Royal Society Interface 7(51), 1429–1439 (2010)
© 2014 Springer-Verlag Berlin Heidelberg
Cite this paper
Masci, P., Zhang, Y., Jones, P., Curzon, P., Thimbleby, H. (2014). Formal Verification of Medical Device User Interfaces Using PVS. In: Gnesi, S., Rensink, A. (eds) Fundamental Approaches to Software Engineering. FASE 2014. Lecture Notes in Computer Science, vol 8411. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54804-8_14
DOI: https://doi.org/10.1007/978-3-642-54804-8_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54803-1
Online ISBN: 978-3-642-54804-8
eBook Packages: Computer Science (R0)