Xen Security Modules: XSM-FLASK
Xen provides a security framework called XSM, and FLASK is an implementation of a security model using this framework (at the time of writing, it is the only one). FLASK defines a mandatory access control policy providing fine-grained controls over Xen domains, allowing the policy writer to define what interactions between domains, devices, and the hypervisor are permitted.
Some examples of what FLASK can do:
- Prevent two domains from communicating via event channels or grants
- Control which domains can use device passthrough (and which devices)
- Restrict or audit operations performed by privileged domains
- Prevent a privileged domain from arbitrarily mapping pages from other domains
Some of these examples require Dom0 Disaggregation to be useful, since the domain build process requires the ability to write to the new domain's memory.
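To make the first two list items concrete, here is a policy fragment added for illustration; it is not taken from this page or from the Xen project's shipped policy. It assumes the interface macros of Xen's example FLASK policy (declare_domain, create_domain, manage_domain, domain_comms, domain_self_comms, use_device) and its dom0_t type; tenant_a_t, tenant_b_t and passthru_nic_t are hypothetical names.

```m4
# Added example. tenant_a_t, tenant_b_t and passthru_nic_t are hypothetical
# type names; the macros are assumed to be those of Xen's example policy.

# Two guest domain types that must stay isolated from each other.
declare_domain(tenant_a_t)
declare_domain(tenant_b_t)

# dom0 builds and manages both guests. create_domain is what lets the
# builder write into the new domain's memory during domain build.
create_domain(dom0_t, tenant_a_t)
manage_domain(dom0_t, tenant_a_t)
create_domain(dom0_t, tenant_b_t)
manage_domain(dom0_t, tenant_b_t)

# Each guest may use event channels and grants with dom0 (backends)
# and with itself.
domain_comms(dom0_t, tenant_a_t)
domain_self_comms(tenant_a_t)
domain_comms(dom0_t, tenant_b_t)
domain_self_comms(tenant_b_t)

# Deliberately absent: domain_comms(tenant_a_t, tenant_b_t).
# FLASK denies anything the policy does not allow, so event channels
# and grants between the two tenants are refused by the hypervisor.

# Device passthrough: label the device with its own resource type and
# grant it to one tenant only. tenant_b_t gets no use_device rule.
type passthru_nic_t, resource_type;
use_device(tenant_a_t, passthru_nic_t)
```

The isolation here comes from the rules that are left out, so reviewing a policy like this means checking that no other rule or attribute grants the two tenant types access to each other.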