Hazard Analysis and Metrics Identification for Software Safety in Medical Cyber-Physical Systems

The safety of software is becoming progressively important in computer controlled systems on which human life depends. In many cases software perform a main role in the safety-critical systems. There are many well known examples in application areas such as medical devices, aircraft flight control, weapons, and nuclear systems. In the field of medical sciences, innovative implantable medical devices are increasingly managed by software. In the medical domain, cochlear implant system (CIS) for bionic ear is one of the safetycritical medical devices which is controlled through clinical programming soft-ware (CPS). This paper examines the nature of software related failures of medical devices and applied this analysis to CPS of CIS as Medical Cyber-Physical System (MCPS) of bionic ear and performs the hazard identification, hazard analysis, safety design. The process begins with different types of hazard analysis techniques to CPS such as: FMEA, FTA, PHA, ETA, and FC. All the techniques are applied and then a comparison is made among them and results are explained. INTRODUCTION Safety-critical systems (SCSs) are those systems whose failure could result in loss of life, significant property damage, or damage to the environment [11]. Safety is involved with security of human life, the environment and property. The purpose of a software safety analysis is to identify hazards, demonstrate the absence of specific hazards, and determine the possible damaging effects resulting from hazards, determine the causes of a hazard, identify safety design criteria that will eliminate, reduce, or control identified hazards, evaluate the adequacy of hazard controls and prevent the execution of a safety critical function. A software failure must be a design or implementation error which is not detected during the testing phases. Software errors in medical devices are execution failure, data failures, and communication failures. Execution failures can be caused by an erroneous call, jump, and task control process. Data failures are caused by incorrect variable usage, undetected support software design errors, erroneous data access procedures. Communication errors are caused by misunderstanding of software interface specifications. Examples for safety critical medical devices are radiation therapy machines, medical monitoring, and medical robots [7]. A software bug can be defined as that part of the code which would result in an error; fault or malfunctioning of the program [17].Some bugs can be detected easily during development. But some bugs will be found late in the development process. These are low probability errors which are hard to detect and occur on very sparse set of inputs [17]. According to IEEE standards, a bug is an incorrect instruction in a program. A failing is triggered because of a bug and may alter the exterior actions of the system. The major categories are requirement and functionality bugs, structural bugs, data bugs, coding bugs, interface, integration and system bugs, test and test design bugs. These bugs increase the cost and development of CPS of cochlear implant system. The primary task of programmer is minimizing these defects, identify and eliminate existing bugs early in the development process. The defects detected at the beginning of development will cause much smaller harm than those which are recognized later in the utilization of the application. A common category of bugs can be defined in accordance with the regularity of the incident of that bug and severity of that bug. The effect of bug depends on the software and the system. Some of the bugs can have catastrophic consequences. Any consequence that results in either death, injury, damage to property or damage to the environment is called mishap or accident from the point of view of system safety standard [14]. A state of the system that, possibly in combination with environmental conditions, leads to a mishap is called hazard [14]. An internal or external condition (or combination with both) leads to a hazard is called hard cause [14]. The identification of hazards (unsafe states), hazard causes and measures that can be taken to eliminate or control the hazard or to reduce the risk is called hazard analysis [14]. An assessment of the consequences of the worst possible mishap that could be caused by a specific hazard is called hazard severity [14]. How-ever we can generally have following sessions for severity: Catastrophic: potential of multiple deaths or serious injuries. Critical: Defects that could cause serious consequences for the system like losing some important data or potential of death. Marginal: potential of injury. Negligible: These may not necessarily hamper the system performance, but they may give slightly different interpretation and generally avoidable. Software in medical devices plays an increasingly important role in health care [12]. Defibrillator’s, dialysis machines, surgical devices, pacemakers are the examples of different safety critical systems. The remainder of this paper is organized as follows. Section 2 describes the safety analysis in medical devices. Section 3 describes the designing safety. Section 4 presents the application of software safety as CPS. Section 5 discusses the functional operation of cps and properties. Finally, Section 6