Evidence-based approaches to chemical risk assessment and risk management decision-making

Chemicals policy is designed to protect human and ecological health from the adverse effects that can result from exposure to manufactured chemical substances. It entails a complex process of regulatory chemical risk assessment and risk-management decision-making, drawing expertise from a diverse range of fields including toxicology and environmental health. However, these decision-making processes have come under increased scrutiny in recent years – criticized for bias, lack of transparency, rigor and a failure to identify unacceptable risks before widespread exposure occurs. This has resulted in calls for a more “evidence-based” approach, in which all relevant, available evidence is analyzed in a robust, transparent and reproducible manner. There is thus a growing need to incorporate methodological frameworks capable of facilitating evidence-based approaches to chemical risk assessment and regulatory decision-making. Such frameworks have been successfully developed in the field of medicine, which underwent a similar paradigm shift to that currently shaping chemical risk assessment, in the early 1990s. The gold-standard for evidence-based decision-making championed by the evidence-based medicine movement takes the form of systematic review. Systematic review describes a prescriptive and transparent method for collating, appraising and analyzing all available, relevant evidence in answer to a specific research question. By pooling the results of individual (independent) studies, systematic reviews synthesize conclusions which are not only more precise but are representative of an entire evidence-base. Now well established within clinical decision-making, the application of systematic review to chemical risk assessment is beginning to gain prominence. However, several challenges and barriers threaten to slow the uptake and quality of systematic review for chemical risk assessment. These include the prohibitively narrow focus of systematic reviews, which are at odds with the information requirements of regulatory decisions, and a mismatch in the resource availability within chemical risk assessment compared to the resource demands associated with systematic review. This thesis explores the challenges associated with implementing evidence-based approaches such as systematic review for chemical risk assessment, and identifies key methodological solutions: Chapter 1 examines the risk of bias assessment process – one of the most important but also most challenging aspects of systematic review methodology to adapt for environmental health. It examines the rationale for eschewing seemingly objective, quantitative approaches to assessing risk of bias in favour of seemingly more subjective, qualitative approaches. Through illustrative models, this thesis uncovers the mismatch between the mechanics of quantitative risk of bias assessment methods and the fundamental mechanics of risk of bias itself. Promoting understanding of this issue is increasingly important as systematic review gains prominence within chemical risk assessment – a field traditionally reliant on quantitative scoring methods for assessing the quality of included evidence. Chapter 2 considers the wider challenges to uptake of systematic review in environmental health, and proposes “systematic evidence mapping” as a methodological solution. A systematic evidence map is a queryable database of systematically gathered evidence which facilitates the broader identification of trends across the evidence-base. In this thesis, the potential utility of systematic mapping for existing and future chemical risk assessment workflows is characterized and critically assessed. A hypothetical but representative example (in which legacy flame retardants are prioritized for further regulatory assessment) is used to demonstrate the trend-spotting capacity of the methodology. Chapter 3 further explores the methodological adaptions required for effective implementation of systematic evidence mapping in chemical risk assessment and wider environmental health. By surveying current evidence mapping practice in environmental management (a field where the methodology is more mature), and qualitatively appraising this practice against the concepts of “data storage technology”, “data integrity”, “data accessibility”, and “transparency”, this thesis reveals the ill-suited nature of conventional tabular data structures for housing complex and highly connected environmental health/toxicology data. It identifies graph-based storage technologies as the most flexible and optimally suited data structures for the varied needs of chemical risk assessment workflows, and makes recommendations for their uptake in systematic evidence mapping. Chapter 4 of this thesis explores the practical implementation of graph-based solutions to evidence mapping in environmental health by conducting a proof-of-concept evidence mapping exercise, in which trends in the study of exposure-outcome associations for National Health and Nutrition Examination Survey (NHANES) datasets in the academic literature are explored. By contrasting this graph-based evidence mapping exercise to an equivalent tabular scoping review, this chapter demonstrates how significant gains in resolution and complexity can be achieved by adopting the graph data model – leading to greater insights than can be offered by traditional evidence-surveillance methods. The transparency, accessibility, interoperability and potential to expand graph-based evidence maps is also highlighted in this chapter by providing data models and methods which can be further adapted e.g. for the development of a suitable controlled vocabulary ontology. Finally, this thesis concludes by discussing the future direction of evidence-based chemical risk assessment and the role of graph-based evidence mapping within it, highlighting the need for further advances in automation and the uptake of data standards

Detection of potential misuse in information systems based on temporal graph anomalies

U složenom informacijskom sustavu u kojem korisnici imaju različite uloge, putem kojih su im dodijeljene različite ovlasti, moguće su složene zlouporabe pri kojima nitko od korisnika ne prekoračuje svoje ovlasti, no zajedničkim djelovanjem mogu prouzročiti štetu ili steći korist. Ovakav oblik unutarnjih prijetnji sustavima, u kojima organizirano sudjeluje veći broj autoriziranih korisnika koji ne prekoračuju dodijeljene im ovlasti, nije dovoljno istražen. U ovom radu je predložena općenita metoda za pronalazak mogućih zlouporaba sustava neovisno o semantici podataka i poznavanju poslovnih procesa sustava. Metoda se temelji na postojanju povijesti podataka informacijskog sustava. Implementacijom i testiranjem je ocijenjeno da predložena metoda prepoznaje moguće zlouporabe sustava. Predloženi model potpuno vremenski određenog grafa i algoritmi za konverziju relacijskih i vremenskih relacijskih podataka u grafove, pronalazak čestih vremenskih podgrafova i usporedbu vremenskih grafova su iskoristivi za opću namjenu. Znanstveni doprinosi: 1) Algoritam za transformaciju podataka iz relacijskih baza podataka u grafovske baze podataka, s posebnim naglaskom na transformaciju vremenskih relacijskih podataka u potpuno vremenski određene grafove; 2) Algoritam za pronalazak čestih vremenskih podgrafova potpuno vremenski određenog grafa; 3) Algoritam za pronalazak odstupanja od čestih vremenskih podgrafova potpuno vremenski određenog grafa; 4) Metoda za otkrivanje mogućih sigurnosnih prijetnji na osnovu odstupanja od čestih vremenskih podgrafova potpuno vremenski određenog grafaUsers of complex information systems can have various roles, which define their permissions. By acting in a coordinated manner, users can perform complex misuses without overstepping their permissions, and cause damage or gain illegal benefits. This kind of internal threats, where multiple users act coordinately and do not overstep their permissions, is not sufficiently researched. This thesis proposes general method for identification of potential misuses, which is independent of data semantics and business rules familiarity. Method is based on the existence of the information system's relational database audit trail. By implementation and testing it is evaluated that the method recognizes potential misuses. Proposed model of completely-timed graph, relational and temporal relational database to graph conversion algorithms, frequent completely-timed subgraph mining algorithm and completely-timed graph comparison algorithm can be used for general purpose. Scientific contributions: 1) relational database to graph database conversion algorithm, with special emphasis on temporal relational database to completely-timed graph conversion; 2) frequent completely-timed subgraph mining algorithm; 3) frequent completely-timed subgraph anomaly detection algorithm; 4) potential information system misuse detection method based on frequent completely-timed subgraph anomalie

Detection of potential misuse in information systems based on temporal graph anomalies

U složenom informacijskom sustavu u kojem korisnici imaju različite uloge, putem kojih su im dodijeljene različite ovlasti, moguće su složene zlouporabe pri kojima nitko od korisnika ne prekoračuje svoje ovlasti, no zajedničkim djelovanjem mogu prouzročiti štetu ili steći korist. Ovakav oblik unutarnjih prijetnji sustavima, u kojima organizirano sudjeluje veći broj autoriziranih korisnika koji ne prekoračuju dodijeljene im ovlasti, nije dovoljno istražen. U ovom radu je predložena općenita metoda za pronalazak mogućih zlouporaba sustava neovisno o semantici podataka i poznavanju poslovnih procesa sustava. Metoda se temelji na postojanju povijesti podataka informacijskog sustava. Implementacijom i testiranjem je ocijenjeno da predložena metoda prepoznaje moguće zlouporabe sustava. Predloženi model potpuno vremenski određenog grafa i algoritmi za konverziju relacijskih i vremenskih relacijskih podataka u grafove, pronalazak čestih vremenskih podgrafova i usporedbu vremenskih grafova su iskoristivi za opću namjenu. Znanstveni doprinosi: 1) Algoritam za transformaciju podataka iz relacijskih baza podataka u grafovske baze podataka, s posebnim naglaskom na transformaciju vremenskih relacijskih podataka u potpuno vremenski određene grafove; 2) Algoritam za pronalazak čestih vremenskih podgrafova potpuno vremenski određenog grafa; 3) Algoritam za pronalazak odstupanja od čestih vremenskih podgrafova potpuno vremenski određenog grafa; 4) Metoda za otkrivanje mogućih sigurnosnih prijetnji na osnovu odstupanja od čestih vremenskih podgrafova potpuno vremenski određenog grafaUsers of complex information systems can have various roles, which define their permissions. By acting in a coordinated manner, users can perform complex misuses without overstepping their permissions, and cause damage or gain illegal benefits. This kind of internal threats, where multiple users act coordinately and do not overstep their permissions, is not sufficiently researched. This thesis proposes general method for identification of potential misuses, which is independent of data semantics and business rules familiarity. Method is based on the existence of the information system's relational database audit trail. By implementation and testing it is evaluated that the method recognizes potential misuses. Proposed model of completely-timed graph, relational and temporal relational database to graph conversion algorithms, frequent completely-timed subgraph mining algorithm and completely-timed graph comparison algorithm can be used for general purpose. Scientific contributions: 1) relational database to graph database conversion algorithm, with special emphasis on temporal relational database to completely-timed graph conversion; 2) frequent completely-timed subgraph mining algorithm; 3) frequent completely-timed subgraph anomaly detection algorithm; 4) potential information system misuse detection method based on frequent completely-timed subgraph anomalie