Drawbridge: A new form of virtualization for application sandboxing
- Posted: Oct 17, 2011 at 10:27AM
- 28 comments
Loading user information from Channel 9
Something went wrong getting user information from Channel 9
Loading user information from MSDN
Something went wrong getting user information from MSDN
Loading Visual Studio Achievements
Something went wrong getting the Visual Studio Achievements
Right click “Save as…”
Drawbridge is a research prototype of a new form of virtualization for application sandboxing. Drawbridge combines two core technologies: First, a picoprocess, which is a process-based isolation container with a minimal kernel API surface. Second, a library OS, which is a version of Windows enlightened to run efficiently within a picoprocess. Drawbridge combines two ideas from the literature, the picoprocess and the library OS, to provide a new form of computing, which retains the benefits of secure isolation, persistent compatibility, and execution continuity, but with drastically lower resource overheads.
The Drawbridge library OS is an experimental Windows 7 library OS - a research project and proving ground for a larger concept: application virtualization and sandboxing. Drawbridge is capable of running the latest releases of major Windows applications such as Microsoft Excel, PowerPoint, and Internet Explorer with very little overhead compared to the traditional virtualization techniques. The experiment is going well! Now, what's going on here, exactly?
Drawbridge research team members Galen Hunt, Reuben Olinsky and Jon Howell dig into some of the details, including project rationale and OS architecture, of research project Drawbridge.