QNX Software Company: 10 Prerequisites for Medical Device Security Software

Obtaining approval for medical devices is a difficult task, and manufacturers must look beyond the purely technical challenges to the environment and culture needed to develop software-based medical devices. Specifically, ten important preconditions for the construction and approval of medical devices should be considered, and these preconditions are often overlooked.

1. Safety culture

Companies that lack a safety culture are less likely to produce safe medical products. A safety culture is not just one that allows engineers to raise safety issues, but one that encourages them to consider every decision from a safety perspective. A programmer may face a problem like: "I could write this information exchange with technology A or technology B, but I am not sure how to weigh the better performance of A against the higher reliability of B", and must know whom to consult about this decision. We must cultivate a culture that encourages programmers to think about such issues.

2. Experts

We need experts. Defining what a safety system must do and confirming that it meets its safety requirements requires specialized training and experience. A safety system must be simple, and designing a simple system is the biggest challenge for any engineer.

Ultimately, experts in the relevant fields (including industry experts, system architects, software designers, process experts, programmers, and verification experts) are needed to determine requirements, select appropriate design patterns, and establish and validate systems.

Such expertise is expensive because it comes from experience rather than the classroom: undergraduate courses in computer engineering rarely cover embedded software development, and courses that teach how to build embedded systems with sufficient reliability are rare.

Sufficient reliability:

1) No system is absolutely reliable; we must understand how to make a system sufficiently reliable.

2) Accepting sufficient reliability reduces development costs and gives us a way to verify safety metrics.

3) If we do not know what is reliable enough, we risk designing an overly complex system that is more likely to be faulty and to crash.

Software design patterns and techniques have improved significantly since the mid-1990s, but many designers have not yet been exposed to these changes. Figure 1 shows a detail of a chart of the hourly failure probability of a medical monitoring equipment reference design. It is usually necessary to identify the risks and calculate the probability of failure accurately.

Figure 1 Chart of the hourly failure probability of the medical monitoring equipment reference design

3. The process

IEC 62304 focuses on processes: without a good process, we cannot prove that the system meets its safety requirements.

A good process is a measurable proxy for something that is currently difficult to measure. It is easy to measure whether a process is being followed; it is much more difficult to assess the quality of the design and code. Although it cannot be said that a good process guarantees a good product, it is a well-known fact that a good product cannot be derived from a poor process.

IEC 62304 lists the processes required to develop medical devices, not because these processes ensure a safe product, but because:

A. They provide an environment in which development parameters can be evaluated. For example, a good testing process yields test coverage statistics. Without such a process, no claim about test coverage can be made.

B. They provide a framework for preserving the chain of evidence in a safety case. Generating a safety case retrospectively is possible, but expensive, and will necessarily require regenerating evidence that was not retained during project development.

4. Clear requirements

Safety requirements must specify the required level of reliability and the constraints under which that level is achieved.

The FDA has recognized that “the rationality of demonstrating the design and production of routine indirect process data” is not sufficient to demonstrate the safety of the software, and that “equipment assurance measures that focus on demonstrating the safety of equipment for a particular product” are also essential. This kind of demonstration is included in the safety case and reflects the thesis above: the purpose of a quality process is not to ensure a quality product, but to provide an environment in which evidence can be evaluated.

Each safety case will essentially make a claim of the form "This system will perform A under condition C with reliability level B. If it cannot perform A, it will transfer to the design safe state with probability P". This claim and its supporting considerations are recorded in the system safety manual for use in higher-level safety cases.

The overall reliability of a system is its ability to respond continuously and correctly to events: the combination of availability (how often the system responds within the required time) and reliability (how often those responses are correct).

The safety case declares the system's reliability metrics and provides evidence of compliance. The limitations on those metrics are as important as the metrics themselves. For example, a medical imaging system may meet IEC 61508 SIL3 requirements for up to 8 hours of continuous operation, after which the system must be reset (refreshed). Since the imaging process is usually short, this limitation causes no inconvenience, even if the system is in use 24 hours a day.

5. System failure

No system is free of defects, especially Heisenbugs: transient bugs that mysteriously disappear when we go looking for them. Failures will eventually happen, so the system we build must be able to return to normal operation or enter its design safe state.

Table 1 Defect, error and failure analysis table

Since all systems will contain defects and defects can cause failures, a safety system must contain multiple lines of defense:

Separation of safety-critical processes – Identify which components are safety-critical and design the system so that they are protected from the other components.

Preventing defects from turning into errors – Although the ideal solution is to identify and eliminate defects in the code, this is difficult in practice. Given Heisenbugs, design the software to detect defects and contain them so that they do not turn into errors.

Preventing errors from turning into failures – Techniques such as replication and diversity are better suited to hardware than to software, but used carefully they can still work.

Fault detection and recovery – In many systems it is feasible to move to a predefined design safe state and leave the recovery task to a higher-level system (such as a human). Some systems cannot do this, so the system itself must recover or restart. In general, when the system's state is uncertain, a crash-only design with fast recovery is preferable to attempting in-place recovery.
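As an added illustration of these lines of defense (example code, not from QNX or the original article; the actuator, rate limits and retry count are hypothetical), the controller below detects an implausible sensor value before it can become a failure, performs a bounded number of crash-only restarts from a known-good checkpoint, and otherwise latches into its design safe state and leaves recovery to a higher-level system:

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed example: a safety-critical task controlling an infusion-style
 * actuator. The rate limits, jump limit and retry count are hypothetical. */
typedef enum { RUNNING, SAFE_STATE, RESTARTING } ctrl_state_t;

typedef struct {
    ctrl_state_t state;
    double commanded_rate;   /* ml/h last accepted from the higher-level system */
    int consecutive_faults;  /* error counter driving the recovery decision */
} controller_t;

#define RATE_MIN 0.0
#define RATE_MAX 500.0
#define MAX_JUMP 100.0     /* largest plausible change between two readings */
#define MAX_RETRIES 3      /* restarts allowed before giving up on recovery */

/* Line of defense: detect an error (a defect that produced a bad value)
 * before the value reaches the actuator. Returns false when it is unsafe. */
bool rate_is_plausible(double rate, double last_rate) {
    if (rate != rate) return false;                     /* NaN from a defect */
    if (rate < RATE_MIN || rate > RATE_MAX) return false;
    double delta = rate - last_rate;
    if (delta > MAX_JUMP || -delta > MAX_JUMP) return false; /* implausible jump */
    return true;
}

/* One control step. A detected error never becomes a failure: the controller
 * either restarts crash-only style (discard in-memory state, reload the last
 * checkpoint) or, when errors persist, enters the design safe state and
 * leaves recovery to a higher-level system such as the clinician. */
ctrl_state_t control_step(controller_t *c, double sensed_rate) {
    if (c->state == SAFE_STATE) return SAFE_STATE;      /* latched until reset */
    if (!rate_is_plausible(sensed_rate, c->commanded_rate)) {
        if (++c->consecutive_faults >= MAX_RETRIES) {
            c->state = SAFE_STATE;                      /* stop actuator, alarm */
            c->commanded_rate = 0.0;
        } else {
            c->state = RESTARTING;                      /* fast restart, keep last good rate */
        }
        return c->state;
    }
    c->consecutive_faults = 0;                          /* healthy reading resets counter */
    c->commanded_rate = sensed_rate;
    c->state = RUNNING;
    return RUNNING;
}
```

The SAFE_STATE latch is deliberate: once the controller has decided it cannot trust its own state, only the higher-level system may bring it back.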
