Departmental Papers (CIS)

Document Type

Conference Paper


This paper was presented at the International Conference on Computer Safety, Reliability & Security (SAFECOMP 2015) Delft, the Netherlands, September 22-25, 2015


Abstract

This paper addresses the problem of high-assurance operation for medical cyber-physical systems built from interoperable medical devices. Such systems are different from most cyber-physical systems due to their "plug-and-play" nature: they are assembled as needed at a patient's bedside according to a specification that captures the clinical scenario and the required device types. We need to ensure that such a system is assembled correctly and operates according to its specification. To this end, we aim to develop an alarm system that signals interoperability failures. We study how plug-and-play interoperable medical devices and systems can fail by means of a hazard analysis that identifies hazardous situations unique to interoperable systems. The requirements for the alarm system are formulated as the need to detect these hazardous situations. We instantiate the alarm requirement generation process through a case study involving an interoperable medical device setup for airway-laser surgery.
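The abstract describes two kinds of check the alarm system must perform: that the bedside assembly matches the scenario specification (required device types present, nothing missing or duplicated) and that the assembled devices keep operating as specified. The following is an added illustration, not code from the paper: it derives the basic events of a small fault tree from an assembled device set and raises an alarm for every hazard tree whose top event evaluates true. The device types (laser, ventilator, pulse oximeter), the two hazard trees, the heartbeat timeout and the sample assembly are all illustrative assumptions rather than the paper's actual hazard analysis.

```python
"""Added example (not the paper's code): spec-conformance events plus a
fault-tree evaluator that raises interoperability alarms. Device types,
hazard trees, timeout and sample data are illustrative assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Requirement:
    device_type: str        # device type the clinical scenario needs
    min_count: int = 1
    max_count: int = 1


@dataclass(frozen=True)
class Device:
    device_type: str
    device_id: str
    heartbeat_age_s: float  # seconds since the device last reported status


@dataclass(frozen=True)
class Gate:
    kind: str               # "AND" or "OR"
    children: tuple         # Gate instances or basic-event names (str)


def basic_events(spec, devices, heartbeat_timeout_s):
    """Basic events that hold for this assembly: missing/duplicate device
    types (assembly errors) and stale heartbeats (operation errors)."""
    counts = {}
    stale = set()
    for d in devices:
        counts[d.device_type] = counts.get(d.device_type, 0) + 1
        if d.heartbeat_age_s > heartbeat_timeout_s:
            stale.add(d.device_type)
    events = set()
    for req in spec:
        n = counts.get(req.device_type, 0)
        if n < req.min_count:
            events.add(f"missing:{req.device_type}")
        elif n > req.max_count:
            events.add(f"duplicate:{req.device_type}")
        else:
            events.add(f"present:{req.device_type}")
    for dtype in stale:
        events.add(f"stale:{dtype}")
    return events


def evaluate(node, events):
    """Recursive fault-tree evaluation: a basic event is true if observed;
    AND/OR gates combine the truth values of their children."""
    if isinstance(node, str):
        return node in events
    results = [evaluate(c, events) for c in node.children]
    return all(results) if node.kind == "AND" else any(results)


# Assumed airway-laser surgery scenario: exactly one laser, one ventilator
# and one pulse oximeter. The hazard trees are illustrative, not the paper's.
AIRWAY_LASER_SPEC = (
    Requirement("laser"),
    Requirement("ventilator"),
    Requirement("pulse_oximeter"),
)

HAZARD_TREES = {
    # The assembled system does not match the scenario specification.
    "assembly_mismatch": Gate("OR", (
        "missing:laser", "missing:ventilator", "missing:pulse_oximeter",
        "duplicate:laser",
    )),
    # A laser is present but the oximeter it depends on is absent or silent.
    "laser_without_spo2_monitoring": Gate("AND", (
        "present:laser",
        Gate("OR", ("missing:pulse_oximeter", "stale:pulse_oximeter")),
    )),
}


def interoperability_alarms(devices, spec=AIRWAY_LASER_SPEC,
                            trees=HAZARD_TREES, heartbeat_timeout_s=2.0):
    """Names of the hazard trees whose top event is true for this assembly."""
    events = basic_events(spec, devices, heartbeat_timeout_s)
    return sorted(name for name, tree in trees.items()
                  if evaluate(tree, events))


if __name__ == "__main__":
    # Constructed assembly: the right devices, but the oximeter went silent.
    assembly = [
        Device("laser", "L1", 0.5),
        Device("ventilator", "V1", 0.8),
        Device("pulse_oximeter", "P1", 5.0),
    ]
    print(interoperability_alarms(assembly))
```

Basic events are recomputed from the live assembly on every evaluation, so the same trees cover both the assembly-time check (missing or duplicated device types) and the run-time check (a device that stops reporting); an AND gate over a `present:` event and an OR of failure events expresses a hazard that only exists once a particular device combination is in use.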

Subject Area

CPS Medical

Publication Source

Computer Safety, Reliability, and Security

Copyright/Permission Statement

The final publication is available at Springer via


Keywords

interoperable medical devices, alarms, interoperability, requirements engineering, fault trees



Date Posted: 14 October 2015

This document has been peer reviewed.