In a provenance-aware system, mechanisms gather and report metadata that describes the history of each object being processed on the system, allowing users to understand how data objects came to exist in their present state. However, little attention has been given to securing provenance-aware systems. Provenance itself is a ripe attack vector, and its authenticity and integrity must be guaranteed before it can be put to use. In this talk, I will detail our efforts to bring trustworthy data provenance to computing systems. These efforts have led to the design and implementation of a provenance-aware operating system anchored in trusted hardware, and a mechanism that leverages the confinement properties provided by Mandatory Access Controls to perform efficient policy-based provenance collection. Using these architectures, I will demonstrate that provenance is an invaluable tool for combating critical security threats including data exfiltration, SQL injection, and even binary exploitation. By addressing key security and performance challenges, this work paves the way for the further proliferation of provenance capabilities.