High Confidence Medical Device Software and Systems: A programming languages and tools perspective

Mark P Jones
Department of Computer Science & Electrical Engineering
OGI School of Science & Engineering
Oregon Health & Science University
Beaverton, OR 97006

What is “High Confidence”?
§ Some doctors don’t know what we mean by “high confidence”
  § They use products, and they expect them to work
  § This is how it should be!
§ Others take a more realistic (pessimistic?) view:
  § From a presentation by Dan Schultz, MD, and Director of CDRH, FDA
§ Our goal:
  § Move from “reasonable” to “high” assurance
  § If we are successful, the first group of doctors won’t notice

Software Validation:
§ Process-oriented software validation is a requirement of the Quality System Regulation (21 CFR 820)
§ Of 3140 medical device recalls between 1992 and 1998 …
  § 242 were attributable to software failures
  § 192 of those were caused by defects introduced when changes were made to software after initial production & distribution
  (Source: FDA guidance on “General Principles of Software Validation”)
§ “Lessons from 342 Medical Device Failures” (Wallace and Kuhn, HASE 99) classifies recalls between 1983-1997:
  § Logic: 43%; Calculation: 24%; Change impact: 6%; …
§ Process-oriented techniques are extremely valuable
§ Claim: artifact-oriented techniques will provide an essential supplement

Candidate Technologies:
Formal Methods:
§ Intel is building & using theorem proving technology:
  § e.g., software/microcode verification of floating point unit, memory hierarchies, etc.
§ Microsoft is building & using model checking technology:
  § e.g., the Static Driver Verifier (SDV), including SLAM, uncovers critical bugs in device drivers, and will ship with the next Windows DDK
Domain Specific Languages:
§ Galois has developed Cryptol as a DSL for cryptography:
  § significant productivity boost for developers of Type 1 crypto
§ Project Timber developed a DSL for component configuration:
  § smaller code (factor > 30), prevented 100s of errors in non-DSL version

Technology Drivers:
§ To date, the key drivers for the adoption of formal methods and domain specific language technologies have been:
  § government
    § security
    § aviation safety
    § military
    § …
  § economics
§ Few organizations have the resources of Intel, Microsoft, or the Federal Government to invest in these technologies
§ But legislative incentives are coming:
  § FDA approval is no longer a “shield against litigation”
  § We must prepare Industry
  § We must protect Innovation

Change Management:
§ Change is the norm:
  § requirements, systems, and assurance needs all change
  § change is a significant contributor to device recalls …
§ Several commercial software packages have been developed in support of the Quality System Regulations
§ Programmer’s perspective: “make” tools for quality systems
§ “Programatica”
  § Integrate broad and open spectrum of assurance techniques in a software development environment
  § Fine-grained, automated dependency tracking to reduce cost of recertification
§ Tools like these can:
  § embrace current evaluation methodologies
  § offer an evolution path for introducing and applying formal methods
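The “make” for quality systems idea on this slide (fine-grained dependency tracking so that a change to one artifact invalidates only the evidence that depends on it, and recertification can be limited to exactly that evidence) can be sketched in a few dozen lines. The following is an added example written for this page, not Programatica’s own tool or code: the artifact names, certificate names and the Merkle-style stamping scheme (a certificate’s stamp is a digest over the current stamps of everything it depends on) are constructed for illustration, and dependencies are assumed to form a DAG.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


@dataclass
class Certificate:
    """A piece of validation evidence (review, test run, proof) over some dependencies."""
    name: str
    depends_on: List[str]                 # names of artifacts or other certificates
    recorded_stamp: Optional[str] = None  # stamp captured when this cert was last validated


class EvidenceStore:
    """Hypothetical 'make for quality systems'.

    Artifacts are content (source, specs); certificates are evidence that was
    validated against particular content. Stamps are content-derived, so a
    changed artifact makes stale exactly the certificates that transitively
    depend on it, and nothing else. Dependencies are assumed to form a DAG.
    """

    def __init__(self) -> None:
        self.artifacts: Dict[str, str] = {}
        self.certs: Dict[str, Certificate] = {}

    def put_artifact(self, name: str, content: str) -> None:
        self.artifacts[name] = content

    def add_certificate(self, name: str, depends_on: List[str]) -> None:
        self.certs[name] = Certificate(name, list(depends_on))

    def current_stamp(self, name: str) -> str:
        """Artifact: digest of content. Certificate: digest of its name plus the
        current stamps of all dependencies, computed recursively."""
        if name in self.artifacts:
            return sha256_hex(self.artifacts[name])
        cert = self.certs[name]  # KeyError if a dependency was never registered
        parts = [cert.name] + [self.current_stamp(dep) for dep in cert.depends_on]
        return sha256_hex("\n".join(parts))

    def validate(self, name: str) -> str:
        """Record that the evidence has been (re)validated against the present state."""
        cert = self.certs[name]
        cert.recorded_stamp = self.current_stamp(name)
        return cert.recorded_stamp

    def is_fresh(self, name: str) -> bool:
        cert = self.certs[name]
        return cert.recorded_stamp is not None and cert.recorded_stamp == self.current_stamp(name)

    def stale_certificates(self) -> List[str]:
        """Everything that needs recertification, in a stable order."""
        return sorted(n for n in self.certs if not self.is_fresh(n))


def demo() -> Dict[str, List[str]]:
    """Walk through one change and show how little needs recertifying."""
    store = EvidenceStore()
    # Constructed sample artifacts, not taken from any real device.
    store.put_artifact("pump_control.c", "/* constructed sample */ int rate = 5;")
    store.put_artifact("dose_limits.spec", "max_rate_ml_per_h = 10")
    store.put_artifact("ui.c", "/* constructed sample */ void draw(void) {}")
    # Constructed evidence graph: a release approval rests on two reviews.
    store.add_certificate("dose_limit_review", ["pump_control.c", "dose_limits.spec"])
    store.add_certificate("ui_review", ["ui.c"])
    store.add_certificate("release_approval", ["dose_limit_review", "ui_review"])
    for cert in ("dose_limit_review", "ui_review", "release_approval"):
        store.validate(cert)
    results = {"before": store.stale_certificates()}

    # A change to ui.c after initial validation: only ui_review and what
    # depends on it go stale; dose_limit_review stays valid.
    store.put_artifact("ui.c", "/* constructed sample */ void draw(void) { /* fixed */ }")
    results["after_change"] = store.stale_certificates()

    # Recertifying the leaf does not silently re-approve the release:
    # release_approval recorded the old ui_review stamp and must be redone.
    store.validate("ui_review")
    results["after_ui_revalidation"] = store.stale_certificates()
    store.validate("release_approval")
    results["after_all"] = store.stale_certificates()
    return results


if __name__ == "__main__":
    for step, stale in demo().items():
        print(f"{step}: stale = {stale}")
```

The point of deriving stamps from content rather than from timestamps is that the question “what must be re-reviewed after this change?” has a single, auditable answer: anything whose recorded stamp no longer matches, and nothing whose dependencies are byte-for-byte unchanged. A real tool would also persist the recorded stamps alongside the evidence and sign them, so that the record of what was validated cannot drift from the artifacts it covers.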

Open Experimental Platforms:
§ The academic community needs relevant, open platforms:
  § to serve as case studies
  § to provide baselines for comparison and evaluation
  § to drive development of new tools & prototypes
§ Examples like this are currently hard to find:
  § Trade secrets, proprietary IP, patents, …
  § Nobody likes to advertise their failures …
  § … or give away their corporate crown jewels
§ Significant benefits in the long term for device manufacturers and for society
§ How do we leverage community?
§ “Open Source” Medical Devices?

Bio
Mark Jones is an Associate Professor at the School of Science and Engineering at Oregon Health & Science University (OGI). His area of expertise is in the design, implementation, and application of programming languages. He has worked as an Associate Research Scientist at Yale University, and as a Reader at the University of Nottingham, where he founded and led a research group on Languages and Programming. He was Principal Investigator on the DARPA-funded Project Timber, dealing with the development of new programming language technology to support the design of reliable, real-time embedded systems. Jones is now leading the Programatica project, which is using the construction of a micro kernel implementation with strong security properties to demonstrate and inform the design of tools for evidence management and validation of complex, high-confidence software. He has a Ph.D. from the University of Oxford.