Formally verifying human---automation interaction as part of a system model: limitations and tradeoffs

Authors:
Matthew L. Bolton;Ellen J. Bass
Affiliations:
Department of Systems and Information Engineering, University of Virginia, Charlottesville, USA;Department of Systems and Information Engineering, University of Virginia, Charlottesville, USA
Venue:
Innovations in Systems and Software Engineering
Year:
2010

Citing 9
Cited 3

A discrete control model of operator function: A methodology for information dislay design

IEEE Transactions on Systems, Man and Cybernetics
Cognitive Work Analysis: Towards Safe, Productive, and Healthy Computer-Based Work

Cognitive Work Analysis: Towards Safe, Productive, and Healthy Computer-Based Work
Counterexample-guided abstraction refinement for symbolic model checking

Journal of the ACM (JACM)
Introduction to Human Factors Engineering (2nd Edition)

Introduction to Human Factors Engineering (2nd Edition)
Human Factors Methods: A Practical Guide for Engineering And Design

Human Factors Methods: A Practical Guide for Engineering And Design
An approach to formal verification of human–computer interaction

Formal Aspects of Computing
Formal Methods Based Development of a PCA Infusion Pump Reference Model: Generic Infusion Pump (GIP) Project

HCMDSS-MDPNP '07 Proceedings of the 2007 Joint Workshop on High Confidence Medical Devices, Software, and Systems and Medical Device Plug-and-Play Interoperability
Spin model checker, the: primer and reference manual

Spin model checker, the: primer and reference manual
Enhanced operator function model: a generic human task behavior modeling language

SMC'09 Proceedings of the 2009 IEEE international conference on Systems, Man and Cybernetics

Model-based dependability analysis of programmable drug infusion pumps

FORMATS'11 Proceedings of the 9th international conference on Formal modeling and analysis of timed systems
Generating phenotypical erroneous human behavior to evaluate human-automation interaction using model checking

International Journal of Human-Computer Studies
Automatic validation and failure diagnosis of human-device interfaces using task analytic models and model checking

Computational & Mathematical Organization Theory

Quantified Score

Hi-index	0.01

Visualization

Abstract

Both the human factors engineering (HFE) and formal methods communities are concerned with improving the design of safety-critical systems. This work discusses a modeling effort that leveraged methods from both fields to perform formal verification of human---automation interaction with a programmable device. This effort utilizes a system architecture composed of independent models of the human mission, human task behavior, human-device interface, device automation, and operational environment. The goals of this architecture were to allow HFE practitioners to perform formal verifications of realistic systems that depend on human---automation interaction in a reasonable amount of time using representative models, intuitive modeling constructs, and decoupled models of system components that could be easily changed to support multiple analyses. This framework was instantiated using a patient controlled analgesia pump in a two phased process where models in each phase were verified using a common set of specifications. The first phase focused on the mission, human-device interface, and device automation; and included a simple, unconstrained human task behavior model. The second phase replaced the unconstrained task model with one representing normative pump programming behavior. Because models produced in the first phase were too large for the model checker to verify, a number of model revisions were undertaken that affected the goals of the effort. While the use of human task behavior models in the second phase helped mitigate model complexity, verification time increased. Additional modeling tools and technological developments are necessary for model checking to become a more usable technique for HFE.