Improving the Trustworthiness of Medical Device Software with Formal Verification Methods

Wearable and implantable medical devices are commonly used for diagnosing, monitoring, and treating various medical conditions. Increasingly complex software and wireless connectivity have enabled great improvements in the quality of care and convenience for users of such devices. However, an unfortunate side-effect of these trends has been the emergence of security concerns. In this letter, we propose the use of formal verification techniques to verify temporal safety properties and improve the trustworthiness of medical device software. We demonstrate how to bridge the gap between traditional formal verification and the needs of medical device software. We apply the proposed approach to cardiac pacemaker software and demonstrate its ability to detect a range of software vulnerabilities that compromise security and safety.
