Mandatory Access Control (MAC) is a security model in which access decisions are governed by a centralized security policy rather than by the discretion of the system's users. Systems with MAC are better protected against malicious or careless users and programs granting permissions that violate the system's intended security goals.
Xen supports MAC at the hypervisor level via the Flask Xen Security Module (XSM/Flask), building upon the widely used SELinux infrastructure. However, other critical components of the Xen architecture, such as Xenstore, are not covered by the XSM security policy.
Galois has developed an implementation of mandatory access control for a disaggregated Xenstore domain. In this presentation, James Bielman will discuss the implementation of Xenstore's nested security server in a Mirage-based Xen kernel.