Manage accessible services as a whitelist

I have two Kubernetes clusters with an Istio service mesh.
Due to the company's security issues, only the 'A' service in Cluster A can access the 'B' service in Cluster B. Is this possible with an Istio resource?

Although it is possible to control the traffic using the header information in Istio's VirtualService, the HTTP header information can be manipulated at any time, which does not satisfy the security issue.
Also, a multi-cluster setup with a single Istio control plane doesn't provide the source application label (k8s label) to the remote cluster.