ITR: Software Safety Mechanisms for Medical Systems
Massachusetts Institute Of Technology, Cambridge MA
Investigators
Abstract
Modern medical diagnosis and treatment systems are at the beginning of a computerization revolution. Electromechanical devices are being replaced with new, extensively integrated and heavily computerized systems in which interactions with both patient and clinician are mediated by complex software. Through increased precision and ease of use - not to mention entirely new forms of intervention and diagnosis -these advances hold promise of a medical infrastructure that is both more effective and more efficient. At the same time, the use of software brings a larger risk of catastrophic failure, resulting in loss of life. This research project offers the promise of improving the safety of the software required to deploy these systems by investigating new techniques for improving the safety and reliability of medical software systems. The research is conducted in collaboration with the Northeast Proton Therapy Center, one of two advanced proton therapy centers in the country. This project is designing techniques to ensure that software errors do not cause a system to violate basic safety properties. The developer identifies the basic safety properties, then designs software interlocks that monitor the system to detect impending violations of these properties. When an impending violation is detected, the interlock takes actions designed to ensure that the property is not violated. For example, a safety property for a radiation therapy machine might state that treatment should stop within one second after an operator presses the emergency stop button. To enforce this property, an interlock might be added whose sole responsibility is to monitor the actions of the main control software and insert a beam stop if this control software fails to do so within the specified time. Key challenges include: monitoring technology to detect impending violations of safety properties; analyses of monitor results to detect inconsistent states, potentially unsafe actions, or the absence of required actions; and identification of appropriate interventions that may modify the internal state of the system to restore it to consistency, filter out inappropriate actions, or insert actions required to ensure that the system executes safely.
View original record on NSF Award Search →