Medical device systems use a single operating system, typically a real-time operating system (RTOS). However, as system complexity grows, developers may find advantages in using a second, general-purpose operating system such as Linux or Windows for their user interface and connectivity to medical networks.
This could be done using virtualisation to run multiple operating systems on the same physical platform.
It works by abstracting the underlying processing cores, memory, and devices. This is done by running virtual machines (VMs) on top of an embedded hypervisor, with each VM running its own OS and related applications.
A hypervisor is a software layer that either resides directly on the hardware (type 1 hypervisor) or is hosted on top of a conventional operating system running on the hardware platform (type 2).
A secure virtualisation platform is one that combines a type 1 hypervisor with a small separation kernel to provide secure isolation of the virtual machines and offer real-time performance and determinism when required.
In a medical application such as monitoring vital signs, for example EKG and blood oxygenation, during a patient’s hospital stay, numerous sensors must be attached to the body.
This can result in an awkward and uncomfortable tangle of wires.
To help untether patients, the wires could be eliminated by using Bluetooth wireless biometric sensors. These sensors could then communicate their data to a single workstation.
Within that workstation would be a virtualised environment running one or multiple virtual machines dedicated to the real-time monitoring and analysis of the patient. The heart rate sensor would report its data in one VM while the blood oxygenation sensor would connect to another VM, and so on.
Each of these VMs would run either an RTOS or a general-purpose OS, with real-time scheduling and determinism guaranteed by the underlying separation kernel. The information from all of the patient sensors could then be graphically portrayed for visual monitoring in a familiar Windows environment running in another VM, all running on the same workstation.
The same Windows VM might also be used to connect to local storage of patient data, or possibly to the hospital network.
The use of dedicated virtual machines means that the monitoring and analysis subsystem cannot be seen or compromised. Whatever occurs with the user interface or the network will not jeopardise the security of the patient monitoring system.
Software virtualisation platforms are available for both single- and multi-core architectures.
Virtualisation increases reliability by allowing developers to run safety-critical code in safe, virtualised execution environments that isolate different workloads and prevent them from interfering with one another.
It improves data security and system integrity because the hypervisor adds a layer of protection by controlling memory boundaries and preventing an application (e.g., rogue software) from accessing the data regions of other applications. Virtualisation enables reuse of legacy applications with little or no porting effort because applications can run on their native OS.
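As an added illustration (not from the original article or from any hypervisor vendor), the following sketch audits a static partition plan for the workstation scenario above. It flags physical memory regions that overlap between VMs, devices assigned to more than one VM, and network devices placed in a monitoring VM. The VM names, addresses, device names and the plan format itself are constructed assumptions, not a real hypervisor configuration format.

```python
# Added example: audit a static partition plan for the monitoring workstation.
# All VM names, addresses and device names below are constructed for illustration.
from dataclasses import dataclass, field
from itertools import combinations

@dataclass
class VM:
    name: str
    critical: bool                      # True for patient-monitoring VMs
    mem: list                           # [(base, size)] physical memory regions
    devices: set = field(default_factory=set)

NETWORK_DEVICES = {"eth0"}              # assumption: devices that reach the hospital network

def overlaps(a, b):
    """True if two (base, size) regions share at least one byte."""
    return a[0] < b[0] + b[1] and b[0] < a[0] + a[1]

def audit(vms):
    """Return a list of isolation violations found in the plan."""
    findings = []
    for x, y in combinations(vms, 2):
        for ra in x.mem:
            for rb in y.mem:
                if overlaps(ra, rb):
                    findings.append(f"memory overlap: {x.name} and {y.name}")
        for dev in sorted(x.devices & y.devices):
            findings.append(f"device shared: {dev} in {x.name} and {y.name}")
    for vm in vms:
        for dev in sorted(vm.devices & NETWORK_DEVICES):
            if vm.critical:
                findings.append(f"network device in critical VM: {dev} in {vm.name}")
    return findings

GOOD_PLAN = [
    VM("heart_rate", True, [(0x8000_0000, 0x0400_0000)], {"bt0"}),
    VM("spo2", True, [(0x8400_0000, 0x0400_0000)], {"bt1"}),
    VM("windows_ui", False, [(0x9000_0000, 0x4000_0000)], {"gpu0", "eth0", "disk0"}),
]

BAD_PLAN = [  # spo2 starts one page inside heart_rate; eth0 is also given to heart_rate
    VM("heart_rate", True, [(0x8000_0000, 0x0400_0000)], {"bt0", "eth0"}),
    VM("spo2", True, [(0x83FF_F000, 0x0400_0000)], {"bt1"}),
    VM("windows_ui", False, [(0x9000_0000, 0x4000_0000)], {"gpu0", "eth0", "disk0"}),
]

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, audit(plan) or "no findings")
```

A check like this only validates the plan on paper; the isolation itself is enforced by the hypervisor and separation kernel at run time.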