Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Rigorous modeling and analysis of interoperable medical devices
Mashkoor A., Sametinger J.  MSM 2016 (Proceedings of the Modeling and Simulation in Medicine Symposium, Pasadena, CA, Apr 3-6, 2016)1-8.2016.Type:Proceedings
Date Reviewed: Aug 19 2016

“First, do no harm” meets the Internet of Things (IoT)? This paper proposes that we need to be sure that medical systems are functional, safe, and secure--of course. Further, the authors try to show how these three concerns can be written separately and then automatically combined and checked to see if the system meets its requirements. They describe the need for stakeholders to be involved in an iterative requirements process. So far, so good. The authors advocate the Event-B method and Rodin toolset. They explain the method well. Given correct specifications, the B method guarantees correct code. The method uses set theory and formal logic to express specifications. This is difficult for humans to do correctly.

One specification (from the “Security Model” section of the paper) has a common error. They wished to state that only a privileged user can change the settings on a dialysis machine. Their formula (inv5) is written like this “Privileged ⇒ SettingEnabled” which is the converse of the correct translation: “SettingEnabled ⇒ Privileged.” Errors like this convinced previous methodologists [1,2] to recommend graphical and/or tabular notations.

Moreover, I am not convinced that Event-B can handle nonfunctional requirements like “the patient’s data must be strongly encrypted even while it is transmitted between devices.” I would like to see more on how they elicit, refine, and state such requirements. Several methods exist. For example, Stoneburner [3] has a useful framework and Haley et al. [4] a complex logic-based method.
Reviewer:  Richard Botting Review #: CR144698 (1612-0895)
1) Leveson, N. G.; Heimdahl, M. P. E.; Reese, J. D. Designing specification languages for process control systems: lessons learned and steps to the future. In Proc. of ESEC/FSE 1999. Springer, 1999, 127–146.
2) Parnas, D. L. Tabular representation of relations. CRL Report No. 260. October 1992, http://www.cas.mcmaster.ca/serg/papers/newtab.printer.pdf.
3) Stoneburner, G. Toward a unified security-safety model. IEEE Computer 39, 8(2006), 96–97.
4) Haley, C. B.; Laney, R.; Moffett, J.; Nuseibeh, B. Security requirements engineering: a framework for representation and analysis. IEEE Transactions on Software Engineering 34, 1(2008), 133–153.
Bookmark and Share
  Reviewer Selected
Featured Reviewer 		 
 
Model Checking (D.2.4 ... )
 
 
Medical Information Systems (J.3 ... )
 
 
Model Validation And Analysis (I.6.4 )
 
Would you recommend this review?
yes
no
Other reviews under "Model Checking": Date
Systems and software verification: model-checking techniques and tools
B ., Bidoit M., Finkel A., Laroussinie F., Petit A., Petrucci L., Schnoebelen P., McKenzie P., Springer-Verlag New York, Inc., New York, NY, 1999.  190, Type: Book (9783540415237)		 Sep 30 2002
Module checking
Kupferman O., Vardi M., Wolper P. Information and Computation 164(2): 322-344, 2001. Type: Article		 Mar 1 2002
SMC: a symmetry-based model checker for verification of safety and liveness properties
Sistla A., Gyuris V., Emerson E. ACM Transactions on Software Engineering and Methodology 9(2): 133-166, 2000. Type: Article		 Sep 1 2000
more...
E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use | Privacy Policy