Presentation is loading. Please wait.

Presentation is loading. Please wait.

An example of a critical system

Published byCharlotte Sherilyn Copeland Modified over 9 years ago

Similar presentations

Presentation on theme: "An example of a critical system"— Presentation transcript:

1 An example of a critical system
A personal insulin pump for people suffering from diabetes This will be used as an illustrative example throughout the course

2 Medical systems More and more medical instruments now include embedded control software. These software systems are often critical systems as a patient’s life (or at least their health) may depend on the correct and timely functioning of these systems The systems themselves are often relatively small and are therefore understandable unlike, for example, industrial control systems Many safety-critical systems such as the control system for a chemical plant or a nuclear reactor, the control software on aircraft, etc. are not price sensitive. That is, they are part of larger installations that are very expensive and that are produced in relatively small numbers. Therefore, adding to the cost through redundant hardware and software is not usually a problem. Medical devices, on the other hand, are often mass-produced devices and so have to be price-sensitive. Furthermore, they are often portable devices and so are weight sensitive and power-sensitive. They are battery powered rather than mains powered. All of this has implications for the hardware and software. The chip count must be minimised as chips add weight, cost and power drain. There is unlikely to be scope for hardware replication and software redundancy.

3 Diabetes People with diabetes cannot make their own insulin, a hormone that is normally secreted by the pancreas. Insulin is essential to metabolise sugar and hence generate energy Currently most diabetics inject insulin 2 or more times per day, with the dose injected based on readings of their blood sugar level However, this results in artificial blood sugar fluctuations as it does not reflect the on-demand insulin production of the pancreas Current practice for diabetes control relies on the sufferer measuring the level of glucose (sugar) in their blood then using their experience to judge how much insulin they should inject. They have to make predictions of how their future level of blood glucose will be affected by planned meals, exercise, etc. Failure to control blood sugar can result in a number of nasty side-effects such as blindness, kidney failure, heart disease and circulation problems. For reasons that are almost certainly related to current lifestyles, the number of diabetics in the population has increased significantly over the past few years. It has been estimated by the World Health Organisatation that: “Diabetes cases in adults will more than double globally from 143 million in 1997 to 300 million by 2025 largely because of dietary and other lifestyle factors. “

4 A personal insulin pump
A personal insulin pump is an external device that mimics the function of the pancreas It uses an embedded sensor to measure the blood sugar level at periodic intervals and then injects insulin to maintain the blood sugar at a ‘normal’ level. I will draw on this example at various points in the course to illustrate aspects of critical systems engineering Personal insulin pumps are currently beyond the ‘state of the art’ although I believe that larger-scale devices of this type have been developed for use in hospitals. The key difficulty (I suspect) in developing such a system is that blood sugar sensors are invasive and there are probably problems with infections in developing such a system. In future, it may be possible to measure blood sugar level by looking at secretions on the skin and this would then make automated pumps possible. Personal insulin pumps are available but these are not ‘smart’ systems and they rely on users to make decisions about how much insulin to inject and when to inject it. To read more about them, see:

5 Critical system attributes
Availability It is important that the system should be available to deliver insulin when required Reliability It is important that the system performs reliably and delivers the correct amount of insulin to compensate for the current level of blood sugar Safety A system failure that resulted in excessive doses of insulin being delivered could threaten the life of the user You could also argue that security is an attribute as you wouldn’t want someone apart from the individual sufferer using the machine. However, this is a fairly unlikely scenario so I haven’t considered it in the example.

6 Insulin pump components
The arrows in this diagram means that there is some communication between these components. The controller is a software component. In fact, as we shall see later, the system has two displays plus buttons that signal the controller to take certain actions. The pump delivers a single increment of insulin on receipt of a signal pulse from the controller. Therefore, to deliver 6 insulin increments, 6 pulses are sent to the pump unit. The pump unit includes a pressure sensor so that if the needle assembly is blocked then insulin delivery will be halted

7 Insulin delivery system
Data flow model of software-controlled insulin pump

8 Concept of operation Using readings from the embedded sensor, the system automatically measures the level of glucose in the sufferer’s body Consecutive readings are compared and, if they indicate that the level of glucose is rising (see next slide) then insulin is injected to counteract this rise The ideal situation is a consistent level of sugar that is within some ‘safe’ band

9 Sugar levels Unsafe Safe Undesirable
A very low level of sugar (arbitrarily, we will call this 3 units) is dangerous and can result in hypoglaecemia which can result in a diabetic coma and ultimately death. Safe Between 3 units and about 7 units, the levels of sugar are ‘safe’ and are comparable to those in people without diabetes. This is the ideal band. Undesirable Above 7 units of insulin is undesirable but high levels are not dangerous in the short-term. Continuous high-levels however can result in long-term side-effects.

10 Insulin injection The decision when to apply insulin does NOT depend on the absolute level of glucose that is measured in the sufferer’s blood. The reason for this is that insulin does not act instantaneously and the change in sugar level does not simply depend on a single injection but also on previous injections. A more complex decision based on previous levels and rate of change of sugar level is used.

11 Injection scenarios Level of sugar is in the unsafe band
Do not inject insulin; Initiate warning for the sufferer. Level of sugar is falling Do not inject insulin if in safe band. Inject insulin if rate of change of level is decreasing. Level of sugar is stable Do not inject insulin if level is in the safe band; Inject insulin if level is in the undesirable band to bring down glucose level; Amount injected should be proportionate to the degree of undesirability ie inject more if level is 20 rather than 10.

12 Injection scenarios Level of sugar is increasing
Reading in unsafe band No injection. Reading in safe band Inject only if the rate of increase is constant or increasing. If constant, inject standard amount; if increasing, compute amount based on increase. Inject constant amount if rate of increase is constant or decreasing. Inject computed amount if rate of increase is increasing.

13 Glucose measurements Sugar level Undesirable area Safe area
Inject Undesirable area Inject Do not inject Do not inject The decision on whether or not to inject is dependent on whether the rate of change of sugar level is increasing or decreasing and the current sugar level. Insulin is injected if the rate of change of sugar level is increasing but not if the rate of change is decreasing and the level is in the safe zone. However, it is injected if the rate of change is decreasing and the level is in the undesirable zone. If the level is falling and the rate of change is increasing, no injection. If however, the rate of change is decreasing then an injection is made if the level is in the undesirable zone Safe area Do not inject Unsafe area t1 t2 t3 Time

14 Key points The insulin pump software is a critical software system
Availability Reliability Safety The blood sugar level is measured and insulin injected if necessary. The dose of insulin injected depends on the blood sugar level and the rate of change to the sugar levels.

Download ppt "An example of a critical system"

Similar presentations

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.
©Ian Sommerville 2000Software Engineering, 6/e, Chapter 91 Formal Specification l Techniques for the unambiguous specification of software.

©Ian Sommerville 2000Software Engineering, 6/e, Chapter 91 Formal Specification l Techniques for the unambiguous specification of software.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 10 Slide 1 Formal Specification.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 10 Slide 1 Formal Specification.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 3 Slide 1 Critical Systems.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 3 Slide 1 Critical Systems.
©Ian Sommerville 2004Software Engineering, 7th edition. Insulin Pump Slide 1 An automated insulin pump.

©Ian Sommerville 2004Software Engineering, 7th edition. Insulin Pump Slide 1 An automated insulin pump.
©Ian Sommerville 2004Software Engineering, 7th edition. Insulin Pump Slide 1 The portable insulin pump Developing a dependability specification for the.

©Ian Sommerville 2004Software Engineering, 7th edition. Insulin Pump Slide 1 The portable insulin pump Developing a dependability specification for the.
The embedded control software for a personal insulin pump

The embedded control software for a personal insulin pump
©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.

©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.
To know the importance of regulating our bodies. Success criteria- State what is meant by homeostasis. Identify what causes blood sugar levels to change.

To know the importance of regulating our bodies. Success criteria- State what is meant by homeostasis. Identify what causes blood sugar levels to change.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 2 Slide 1 Systems engineering 1.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 2 Slide 1 Systems engineering 1.
2.1 Diagnosing Diabetes Quiz Review.

2.1 Diagnosing Diabetes Quiz Review.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Critical Systems Specification 3 Formal Specification.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Critical Systems Specification 3 Formal Specification.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Formal Specification.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Formal Specification.
Glucose Regulation Noadswood Science, 2012. Glucose Regulation  To understand how glucose is controlled within the body Tuesday, August 11, 2015.

Glucose Regulation Noadswood Science, Glucose Regulation  To understand how glucose is controlled within the body Tuesday, August 11, 2015.
Diabetes Mellitus “A Brief Introduction” Presented by Rainsville Family Practice Thomas L. Horton, MD.

Diabetes Mellitus “A Brief Introduction” Presented by Rainsville Family Practice Thomas L. Horton, MD.
Reliability of Automated Insulin Pumps Medtronic Mini-Med Paradigm® DSES-6070 HV7 Statistical Methods for Reliability Engineering Professor Ernesto Gutierrez-Miravete.

Reliability of Automated Insulin Pumps Medtronic Mini-Med Paradigm® DSES-6070 HV7 Statistical Methods for Reliability Engineering Professor Ernesto Gutierrez-Miravete.
 Type one diabetes is a disease that takes place within your body and what it means is your body does not produce insulin. This is a problem because.

 Type one diabetes is a disease that takes place within your body and what it means is your body does not produce insulin. This is a problem because.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 1.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 1.
CSc 461/561 Information Systems Engineering Lecture1 - Introduction.

CSc 461/561 Information Systems Engineering Lecture1 - Introduction.
Chapter 1- “Diversity” “In higher education they value diversity of everything except thought.” - George Will.

Chapter 1- “Diversity” “In higher education they value diversity of everything except thought.” George Will.

Similar presentations

Ads by Google