Modeling and Integrating Human Interaction Assumptions in Medical Cyber-Physical System Design

For a cyber-physical system, its execution behaviors are often impacted by human interactive behaviors. However, the assumptions about a cyber-physical systems expected human interactive behaviors are often informally documented, or even left implicit and unspecified in system design. Unfortunately, such implicit human interaction assumptions made by safety critical cyber-physical systems, such as medical cyber-physical systems (M-CPS), can lead to catastrophes. Several recent U.S. Food and Drug Administration (FDA) medical device recalls are due to implicit human interaction assumptions. In this paper, we classify the categories of constraints in human interaction assumptions in the medical domain and develop a mathematical assumption model that allow M-CPS engineers to explicitly and precisely specify assumptions about human interactions. Algorithms are developed to integrate mathematical assumption models with system model so that the safety of the system can be not only validated by both medical and engineering professionals but also formally verified by existing formal verification tools. We use an FDA recalled medical ventilator scenario as a case study to show how the mathematical assumption model and its integration in M-CPS design may improve the safety of the ventilator and M-CPS in general.