The assurance of safety-critical systems is of a great concern. Many such systems are reviewed and approved by regulatory agencies. For example, medical devices sold in the United States are regulated by the U.S. Food and Drug Administration (FDA). Some of these medical devices, such as infusion pumps, cannot be commercially distributed before receiving an approval from the FDA. Which means that manufacturers of such systems are expected not only to achieve acceptable assurance level but also to convince regulators that it has been achieved.

Recently, assurance cases have become popular and acceptable ways for communicating ideas and information about the safety-critical systems among the system stakeholders. The assurance case is a method for reasoning about systems appropriate for scientists and engineers. An assurance case addressing safety is called a safety case. A safety case is a structured argument, supported by a body of evidence, that provides a compelling, comprehensible and valid case that a system is safe for a given application in a given environment.

We constructed a safety case for the GPCA reference implementation we developed, with the intention of providing a guiding example of safety cases for other infusion pumps. Out of this experience we proposed the “from_to” safety case pattern. This pattern is appropriate in constructing safety cases for infusion pumps those are developed using the model-based approach. In addition, we proposed a systematic mechanism to identify safety gaps in the constructed safety cases. It is important to identify the safety gaps and manage them to show sufficient confidence in the safety case.

Publications

• Assurance Cases in Model-Driven Development of the Pacemaker Software, Eunkyoung Jee, Insup Lee and Oleg Sokolsky, Proceedings of the 4th International Symposium On Leveraging Application of Formal Methods, Verification and Validation (ISoLA 2010), Part II, LNCS 6416, pp. 343-356, Amirandes, Heraclion, Crete, October 18-20, 2010.
• A Safety Case Pattern for Model-Based Development Approach, Anaheed Ayoub, Baek-Gyu Kim, Insup Lee and Oleg Sokolsky, The 4th NASA FORMAL METHODS SYMPOSIUM (NFM2012), Virginia, USA, April 3-5, 2012.
• A Systematic Approach to Justifying Sufficient Confidence in Software Safety Arguments, Anaheed Ayoub, BaekGyu Kim, Insup Lee, and Oleg Sokolsky, The 31st International Conference on Computer Safety, Reliability and Security (SafeComp 2012), Magdeburg, Germany, September 25-28, 2012.
• Assessing the Overall Sufficiency of Safety Arguments, Anaheed Ayoub, Jian Chang, Oleg Sokolsky and Insup Lee, Accepted in the 21st Safety-critical Systems Symposium (SSS'13), Bristol, United Kingdom, February 5-7, 2013.

Acknowledgements

This research is support in part by NSF CPS large grant (NSF CNS-1035715) and NSF FDA Scholar-in-Residence grant (NSF CNS-1042829). We are grateful to Paul Jones and Yi Zhang at the FDA for advice and discussion on our assurance cases work.