CamFlow is a Linux Security Modules (LSMs) designed to capture data provenance for the purpose of system audit. The provenance capture mechanism is highly configurable, and can fit applications particular needs. CamFlow can stack with existing security modules such as SELinux.
CamFlow is the result of research at the University of Cambridge, Computer Laboratory, Opera Research Group. The project was funded by the Engineering and Physical Sciences Research Council (EPSRC, UK) under the CloudSafetyNet research grant.
For instructions on how to install CamFlow visit this link. We also provide vagrant scripts to easily setup virtual machines running CamFlow. The source code is available on our github repository. Please do not hesitate to fork our project or create issues to report bugs.
The easiest way to contribute to CamFlow is by submitting issues to suggest improvement or report bug. When reporting a bug, please specify the version of CamFlow you are running and your Linux distribution. To contribute a new feature, please fork the repository of the component you wish to improve, and submit a pull request against the dev branch. The pull request must pass the continuous integration test before it can be merged.
CamFlow is discussed in the following publications. Details given in these papers may be outdated - please refer to the code if in doubt, or contact us.
Han X., Pasquier T., Ranjan T., Goldstein M., and Seltzer M. FRAPpuccino: Fault-detection through Runtime Analysis of Provenance. Workshop on Hot Topics in Cloud Computing (HotCloud'17) (2017), USENIX. .pdf bib website poster
Pasquier T. and Eyers D. Information Flow Audit for Transparency and Compliance in the Handling of Personal Data. IC2E International Workshop on Legal and Technical Issues in Cloud Computing (CLaw'16) (2016), IEEE. .pdf bib 10.1109/IC2EW.2016.29