
Drawbridge: A new form of virtualization for application sandboxing


Drawbridge is a research prototype of a new form of virtualization for application sandboxing. It combines two core technologies, both ideas from the literature: first, the picoprocess, which is a process-based isolation container with a minimal kernel API surface; second, the library OS, which is a version of Windows enlightened to run efficiently within a picoprocess. Together they provide a new form of computing that retains the benefits of secure isolation, persistent compatibility, and execution continuity, but with drastically lower resource overheads.

The Drawbridge library OS is an experimental Windows 7 library OS: a research project and proving ground for a larger concept, application virtualization and sandboxing. Drawbridge is capable of running the latest releases of major Windows applications such as Microsoft Excel, PowerPoint, and Internet Explorer with very little overhead compared to traditional virtualization techniques. The experiment is going well! Now, what's going on here, exactly?

Drawbridge research team members Galen Hunt, Reuben Olinsky and Jon Howell dig into some of the details, including project rationale and OS architecture, of research project Drawbridge.

Paper: http://research.microsoft.com/apps/pubs/default.aspx?id=141071

 


Follow the Discussion

  • Brian Barkeraldie_lab aldie_lab

    Enlightened? That's the opposite of "embiggened", right?

  • CharlesCharles Welcome Change

    @aldie_lab: No. Enlightened as in the operating system (in this case, a library OS, which is a modified Windows 7 used for experimentation in the Drawbridge research experiment) is aware of and capable of running inside picoprocesses. So, enlightenments are enhancements to the OS which help reduce the cost of certain OS functions (like running inside a picoprocess).

    C

  • felix9felix9 the cat that walked by itself

    this video is finally out ! very interesting Smiley

  • IE9 RC? ;P

    This means that we might finally get native code on the web(again)?

  • SimonSimon

    Interesting video! Thanks Charles! Always impressive with what new ideas the people at MSR come up! Great to put the spotlight on researchers.

    Unrelated: Would love to see Singularity's ideas go mainstream. Singularity's *the single most interesting* idea and implementation I've seen in a long time in OS research. While it might not have been the first approach it was very well executed (and documented).

  • Interesting interview but would have been nice to have a little deeper questions:

    If app consists of multiple sequential or parallel executables, so that eg. excel.exe starts excel2.exe and then excel.exe terminates and excel2 starts multiple different exes with their own windows and excel2.exe terminates... will this kind of thing work with this model? What if there's also some LPC or shared memory IPC between these before the termination?

    If app uses CreateFile to open \\.\C: (hope i got that right) or a PhysicalDisk and in order to run needs to be able to write and read somewhere on the disk without going through the filesystem apis, will your security layer virtualize this or will the app fail to run?

    How do you "install" app onto this sandbox? Lot of talk about lack of 3D/HW support but would have been many more interesting questions about how to handle things related to what eg. game installers do, such as "sony rootkit drm", would that rootkit drm game install fine even if it was just 2D non-accelerated game. Also, would this approach work to enable better compatibility with Windows 3 & 95/98 apps/games using old DX apis?

    Getting old windows games and apps to run is oft more pain than dos games in dosbox. If MS were to productize this research, it could end up like the current app compat layer, which can require a bunch (too much) of fiddling just to find the app you want to run is not going to run since even if you put compat mode "XP", the broken stuff tends to stay broken unless it was specifically tested by people in MS.

    I think this type of legacy compatibility thing may be better using a hybrid development model: paid core team developing the long term goal deliveries and then allow the community using the product develop their own minor fixes and improvements that could be easily patched (by users, so simply that no instructions are needed) into the product on need basis. eg. if I as user run appX, it will check for community made fixes for appX and allow me to install those in the sandboxing layer or something, ensuring longevity and broadening compatibility as time goes on even if MS stops active development on the sandbox. Just a thought...

  • CharlesCharles Welcome Change

    @androidi: "It would have been great if the conversation centered around the specific technical topics I'm most curious about". OK. Maybe next time...

    At any rate, you have a place to ask questions now. The Drawbridge people also have a place to look for questions to answer.

    C

  • MinhMinh WOOH!  WOOH!

    The video in the SL player is not playing... download works though

  • CharlesCharles Welcome Change

    @Minh:Weird. Republishing.
    C

  • The possibility that I could start working on something on my home machine (say in VS) "hibernate" it and transfer that state to a cloud service and then pick up again right where I left off on any internet-enabled (and RDP enabled) device is quite intriguing to say the least; as well as very useful.

    Not to mention the possibilities as far as backward compatibility is concerned.

  • felix9felix9 the cat that walked by itself

    There is a concept called 'AppContainer' for Metro-style apps in Windows 8, which is very strict sandboxing / isolation, I guess it could be a good basis to incorporate the library OS idea. can you compare the AppContainer and the Picoprocess approach ? or AppV ? ThinApp ?

  • , Charles wrote

    @Minh:Weird. Republishing.
    C

    Still not working here either. other videos work fine...

  • CharlesCharles Welcome Change

    @giovanni: Working on it. My apologies.
    C

  • William Staceystaceyw Before C# there was darkness...

    Nice. So in the future, a user could hit an exception, then "click-dump" the process (as a button in the exception window) and email to me. I could open that in VS debugging and be right in the context of the issue and even see what happened before the exception. Probably could also add a 20 sec reply window replay what user was doing 20 seconds before the issue for even more local context. Now that itself is a game changer. Also a neat way to publish working VS solutions for samples and demos, or office documents. The target user does not even have to have office installed and could even open from over the web. Big game changer. Nice what scenarios that could enable.

  • , staceyw wrote

    Nice. So in the future, a user could hit an exception, then "click-dump" the process (as a button in the exception window) and email to me. I could open that in VS debugging and be right in the context of the issue and even see what happened before the exception.

    If you want to resume hibernation, you need hiberfil.sys as well as your intact filesystem. You can't just send hiberfil.sys to another machine and resume your OS there.

  • CharlesCharles Welcome Change

    @Charles: Fixed! Smiley

    C

  • Strangely, I found this about 10 minutes after watching the video.

    http://technet.microsoft.com/en-us/appvirtualization/dd146065

    The move from kernel mode to user mode comments stood out.

    Very cool stuff!

    I'm curious how (in conceptual terms) the Drawbridge compares to a technology like Thinapp (previously Thinstall), I suppose other than the obvious ability to rearrange the OS.. Wink

     

  • I watched the video yesterday. But it got me thinking - how exactly is rearranging the OS better than using a Hyper-V VM with memory deduplication on EPT/Nested Pages?

    This keeps memory usage low. How many instances of IIS would you be able to run in VMs using memory deduplication, as opposed to the number in Drawbridge? How well does Drawbridge perform CPU-wise, as opposed to running on bare metal hypervisor?

    There were also some scenarios mentioned, such as:
    - using it to keep compatibility with XP
    - sandboxing

    Well, I don't think it is easy to refactor an outdated OS and to keep compatibility for every single system call. Would you use XP RTM, XP SP1, XP SP2 or XP SP3 as the baseline?

    With an upgrade to a new OS version, your existing applications get a new look, since they blend with the OS's redesigned UI elements. This is very much desirable, as opposed to keeping it at the version "they were designed for". Then there's WinRT. I guess "desktop mode" APIs will stay Win7 compatible for a very long time, since most innovation will be in the WinRT world.

    As to sandboxing, using a processor security feature (ie VM mode) is much more secure than it is to use existing ring protection. Unless you decide to use PL1 and PL2 Big Smile (how's with ARM compatibility then)?

  • martinminemartinmine I eat C# for breakfast

    Really cool! Very interesting. I was imagining you could like "transfer" a program from a computer to a tablet (Just an example) in the very near future. Just an example tho Smiley

  • JamesJames

    Linux Containers (http://lxc.sourceforge.net/) anyone?

  • Linux Containers (http://lxc.sourceforge.net/) anyone?

    @James: As you point out, there is a rich history of sandboxing technologies that operate at the scale of an application (chroot, zones, jails, containers, etc.). These were all important advances. Our contribution is to marry application sandboxing with the library OS concept. If you want to read more detail, our ASPLOS 2011 paper provides some comparison with existing technologies.

    As far as we know, Drawbridge is the first in this class to provide not just isolation, but also persistent compatibility and execution continuity. When packaged with its library OS, a Drawbridge application can run across many different host OS versions.  And, a running Drawbridge application can move from one host machine to another (without losing its state).

  • @Charles: Perfect, thank you!

  • Wow, it's like that Galen guy and his team get to work on magic...

     

    I'm jealous of their lifestyle.

  • , JohnSawyer wrote

    I watched the video yesterday. But it got me thinking - how exactly is rearranging the OS better than using a Hyper-V VM with memory deduplication on EPT/Nested Pages?

    This keeps memory usage low. How many instances of IIS would you be able to run in VMs using memory deduplication, as opposed to the number in Drawbridge? How well does Drawbridge perform CPU-wise, as opposed to running on bare metal hypervisor?

    Any benchmarks yet?

  • JamesJames

    In the paper "Exterminate All Operating System Abstractions" (www.stanford.edu/~engler/hotos-jeremiad.ps) they talk about an "application-level operating system"; would you say that that is, or can be seen as, related to DrawBridge?

  • In the paper "Exterminate All Operating System Abstractions" (www.stanford.edu/~engler/hotos-jeremiad.ps) they talk about an "application-level operating system"; would you say that that is, or can be seen as, related to DrawBridge?

    Yes, Engler et al. invented the idea of a library OS (an "application-level operating system"). Our academic contribution was to show 1) how the interface between the library OS and the host OS can be modified to enable persistent compatibility, 2) how it can enable migration, and 3) that Windows can be used to create a library OS.

    By the way, our paper mentioned above discusses the related work in more detail.

  • Unrelated: Would love to see Singularity's ideas go mainstream. Singularity's *the single most interesting* idea and implementation I've seen in a long time in OS research. While it might not have been the first approach it was very well executed (and documented).

    Thanks! We are very proud of our Singularity work as well. Interestingly, several of the great ideas from Singularity were reused in Drawbridge. For example, the Drawbridge ABI (application binary interface) is very similar to the Singularity ABI. Also, Drawbridge employs many of the program manifest and packaging ideas that we pioneered in Drawbridge.

  • I like the way you can suspend a process or fork it across the network. That's quite impressive!
