'Drawbridge': Microsoft Research Project OS - A New Form of Virtualization for Application Sandboxing

Microsoft Research has begun taking the wraps off its hush-hush "Drawbridge" application-virtualization project.

"Drawbridge is a research prototype of a new form of virtualization for application sandboxing. Drawbridge combines two core technologies: First, a picoprocess, which is a process-based isolation container with a minimal kernel API surface. Second, a library OS, which is a version of Windows enlightened to run efficiently within a picoprocess. Drawbridge combines two ideas from the literature, the picoprocess and the library OS, to provide a new form of computing, which retains the benefits of secure isolation, persistent compatibility, and execution continuity, but with drastically lower resource overheads," explains Microsoft.

"The Drawbridge library OS is an experimental Windows 7 library OS - a research project and proving ground for a larger concept: application virtualization and sandboxing. Drawbridge is capable of running the latest releases of major Windows applications such as Microsoft Excel, PowerPoint, and Internet Explorer with very little overhead compared to the traditional virtualization techniques," Microsoft said.

"Drawbridge" is a Microsoft Research project developed by some of the same folks who helped create the Singularity microkernel operating system and the "Menlo" mobile operating system prototype. (Menlo was dedicated to replacing the Windows Embedded kernel with a Windows NT kernel in mobile devices.)

From the introduction to the Drawbridge paper:

"Each instance has significantly lower overhead than a full VM bundled with an application: a typical application adds just 16MB of working set and 64MB of disk footprint. We contribute a new ABI (application binary interface) below the library OS that enables application mobility. We also show that our library OS can address many of the current uses of hardware virtual machines at a fraction of the overheads."

In the video below, Drawbridge research team members Galen Hunt, Reuben Olinsky and Jon Howell dig into some of the details, including project rationale and OS architecture, of research project Drawbridge.