University of Minnesota


CPS:Large: Assuring the Safety, Security and Reliability of Medical Device Cyber Physical Systems

Health care relies on medical devices that are increasingly complex and interconnected. Software plays an ever greater part in medical devices. The flexibility offered by software-driven development enables manufacturers to add more and more features to a device, increasing both the complexity of the device itself and the complexity of the caregiver interface. The current approach to regulatory approval of medical device systems in the US is based on evaluation of the development process and does not assess the quality of the product itself in a quantitative way [1]. As evidenced by the large number of medical device recalls, the current approval process is insufficient even for today’s systems. A report by NCO/NITRD on High-Confidence Medical Devices concludes that rationally designed high-confidence medical device cyber-physical systems are needed for 21st century health care. In particular, the rapidly increasing use of software to control and interconnect medical devices makes the development and production of medical device software and systems a crucial issue, both for the U.S. economy and for ensuring safe advances in health care delivery. This finding is in line with the conclusion of the U.S. National Academy of Sciences report on software for dependable systems: new techniques and methods are needed to build future software systems that meet the dependability requirements of safety-critical systems.

The primary goals of this project are:

(1) Design a compositional development framework for safe and secure medical device cyber-physical systems (MDCPS) that supports the collection of evidence for regulatory approval. The framework would support development of stand-alone devices as well as their on-demand integration into complex clinical scenarios.

(2) Develop a mathematically grounded approach to evidence-based regulatory approval and incremental certification of MDCPS.

(3) Provide means for rigorous evaluation of clinical scenarios, including both operational procedures for caregivers and device systems involved in a scenario.

(4) Apply rigorous control-theoretic methods to the design of physiological closed-loop scenarios.

[1] A. Wassyng, T. Maibaum, and M. Lawford. On software certification: We need product-focused approaches. In Foundations of Computer Software: Future Trends and Techniques for Development, volume 6028 of LNCS, Sept. 2008.


  • High-assurance development of MDCPS

      - Case study: Generic Patient-Controlled Analgesia Infusion Pump

  • Security for MDCPS

  • Assurance cases for evidence-based certification

      - ALPACA—A Language for Probabilistic Assurance Case Analysis

  • Compositional techniques for MDCPS and assurance cases


  • Modes, Features, and State-Based Modeling for Clarity and Flexibility. Anitha Murugesan, Sanjai Rayadurgam, and Mats Heimdahl. In Workshop on Modeling in Software Engineering, International Conference on Software Engineering, San Francisco, May 2013.

  • Compositional Verification of a Medical Device System. Anitha Murugesan, Michael Whalen, Sanjai Rayadurgam, and Mats Heimdahl. Accepted at High Integrity Language Technology, Pittsburgh, Nov 2013.

  • Whalen, M., Gacek, A., Cofer, D., Murugesan, A., Heimdahl, M., & Rayadurgam, S. (2012). Your What is My How: Iteration and Hierarchy in System Design.

  • Whalen, M. W., Murugesan, A., & Heimdahl, M. P. (2012, September). Your what is my how: Why requirements and architectural design should be iterative. In 2012 IEEE First International Workshop on the Twin Peaks of Requirements and Architecture (Twin Peaks) (pp. 36-40). IEEE.

  • Denis Foo Kune, John Backes, Shane Clark, Dan Kramer, Matthew Reynolds, Kevin Fu, Yongdae Kim, and Wenyuan Xu. Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors. In Proceedings of the 34th Annual IEEE Symposium on Security and Privacy, 2013. (To appear.)

  • Denis Foo Kune, Eugene Vasserman, Krishna Venkatasubramanian, Yongdae Kim, and Insup Lee. "Towards a Safe Integrated Clinical Environment: A Communication Security Perspective". In ACM MedCOMM: Workshop on Medical Communication Systems, 2012.

Website design by Gregory Gay and Anitha Murugesan.
© 2015 Regents of the University of Minnesota. All rights reserved.
Last modified on October 30, 2015.