What is CamFlow?

CamFlow stands for Cambridge information Flow architecture, the Cam is also the river that flows through Cambridge, UK.CamFlow is a Linux Security Modules (LSMs) designed to capture data provenance for the purpose of system audit.The provenance capture mechanism is highly configurable, and can fit the needs of many different type of applications.CamFlow can stack with existing security modules such as SELinux.Visit our project on github.


Research Project

CamFlow development started in 2014 at the University of Cambridge Opera Research Group (grant EPSRC EP/K011510/1). Further development has been supported by Harvard University’s Center for Research on Computation and Society as part of the Provenance@Harvard project (NSF grant SSI-1450277) and the University of Cambridge’s Digital Technology Group.Development is currently being supported at the University of Bristol Cyber Security Group.



For instructions on how to install and use CamFlow see our documentation.We also provide vagrant scripts to easily setup virtual machines running CamFlow.The source code of every CamFlow components is available on github.Please do not hesitate to fork our project or create issues to report bugs.



The easiest way to contribute to CamFlow is by submitting issues to suggest improvement or report bug.When reporting a bug, please specify the version of CamFlow you are running and your Linux distribution.To contribute a new feature, please fork the repository of the component you wish to improve, and submit a pull request against the dev branch.The pull request must pass the continuous integration test before it can be merged.



CamFlow is discussed in the following publications. Details given in these papers may be outdated - please refer to the code if in doubt or contact us.

Pasquier T., Han X., Moyer T., Bates A., Eyers D., Hermant O., Bacon J. and Seltzer M. Runtime Analysis of Whole-System Provenance. Conference on Computer and Communications Security (CCS’18) (2018), ACM. .pdf bib
Pasquier T., Han X., Goldstein M., Moyer T., Eyers D., Seltzer M. and Bacon J. Practical Whole-System Provenance Capture. Symposium on Cloud Computing (SoCC’17) (2017), ACM. .pdf bib poster
Pasquier T., Singh J., , Bacon J., and Eyers D. Information Flow Audit for PaaS Clouds. In International Conference on Cloud Engineering (IC2E) (2016), IEEE. .pdf bib
Pasquier T., Singh J., Eyers D., and Bacon J. CamFlow: Managed Data-Sharing for Cloud Services. IEEE Transactions on Cloud Computing (2015), IEEE. .pdf .bib


Use cases

Han X., Pasquier T. and Seltzer M. Provenance-based Intrusion Detection: Opportunities and Challenges. Workshop on the Theory and Practice of Provenance (TaPP’18) (2018), USENIX. .pdf bib website
Wang F., Joung Y., and Mickens J. Cobweb: Practical Remote Attestation Using Contextual Graphs. Workshop on System Software for Trusted Execution (SysTEX’17) (2017), ACM. .pdf .bib
Han X., Pasquier T., Ranjan T., Goldstein M., and Seltzer M. FRAPpuccino: Fault-detection through Runtime Analysis of Provenance. Workshop on Hot Topics in Cloud Computing (HotCloud’17) (2017), USENIX. .pdf bib website poster
Pasquier T. and Eyers D. Information Flow Audit for Transparency and Compliance in the Handling of Personal Data. IC2E International Workshop on Legal and Technical Issues in Cloud Computing (CLaw’16) (2016), IEEE. .pdf bib