CamFlow is a Linux Security Modules (LSMs) designed to capture data provenance for the purpose of system audit. The provenance capture mechanism is highly configurable, and can fit applications particular needs. CamFlow can stack with existing security modules such as SELinux.
CamFlow is the result of research at the University of Cambridge, Computer Laboratory, Opera Research Group. The project was funded by the Engineering and Physical Sciences Research Council (EPSRC, UK) under the CloudSafetyNet research grant.
From July 2016, the development is being supported at Harvard University’s Center for Research on Computation and Society as part of the Provenance@Harvard project.