Microsoft 'Drawbridge' project seeks ways to streamline and better secure Windows

Microsoft researchers have built a "library" operating system (OS) codenamed Drawbridge, and have demonstrated working prototypes of Windows 7, Windows 8 and various Microsoft applications running on it.

At Microsoft, what comes after the "Singularity" microkernel? The answer may be "Drawbridge," a cousin of the exokernel concept.

Galen Hunt, one of the driving forces behind the Microsoft Research (MSR) Singularity project, is leading the Drawbridge charge. Charon of the site has unearthed the first public details about Drawbridge. After reading a translation of Charon's Drawbridge post (from the original French) and asking Charon for clarification on a few points, here's my best attempt to explain MSR's latest operating-system effort:

The Drawbridge library OS approach is akin to the concept of an exokernel -- a design construct that's been around since at least 1994 but that hasn't yet been used by any major commercial operating systems.

What are exokernels? From a Wiki entry:

"Exokernels are an attempt to separate security from abstraction, making non-overrideable parts of the operating system do next to nothing but securely multiplex the hardware. The goal is to avoid forcing any particular abstraction upon applications, instead allowing them to use or implement whatever abstractions are best suited to their task without having to layer them on top of other abstractions which may impose limits or unnecessary overhead. This is done by moving abstractions into untrusted user-space libraries called 'library operating systems' (libOSes), which are linked to applications and call the operating system on their behalf."

Hunt and a handful of other researchers have documented their Drawbridge work in a white paper published by ACM, which they presented recently at the Architectural Support for Programming Languages and Operating Systems (ASPLOS) conference in early March. That white paper, "Rethinking the library OS from the top down," details Microsoft's approach to the library OS construct.

"The idea of the library OS is that the personality of the OS on which an application depends runs in the address space of the application. A small, fixed set of abstractions connects the library OS to the host OS kernel, offering the promise of better system security and more rapid independent evolution of OS components," according to an introduction to the paper.

The Drawbridge paper "describes the first working prototype of a full commercial OS redesigned as a library OS capable of running significant applications," the abstract says. "Our experience shows that the long-promised benefits of the library OS approach -- better protection of system integrity and rapid system evolution -- are readily obtainable."

Charon reproduced an architectural diagram of Drawbridge:

There are three isolated Drawbridge layers that can evolve independently: The host OS, the library OS and the interface.

The Drawbridge approach is different from MinWin, Microsoft's effort to untangle and reduce the dependencies in Windows, as Drawbridge focuses on not just the core, but also the higher levels of the OS, as well as applications, Charon said in his post on Drawbridge. It's also different from simply running an OS inside of a virtual machine, as there's less overhead.

Drawbridge has been tested on Windows 7, Windows Server 2008 R2, Windows 7 MinWin, a pre-release version of Windows 8 and a Hyper-V virtual machine, according to Charon's post. These prototypes are running "the latest releases of major applications, such as Microsoft Excel, PowerPoint and Internet Explorer," according to the Drawbridge researchers.

As Charon cautions, no one should expect Windows 8 -- or any future Windows version, for that matter -- to take the form of a library OS. The Microsoft Singularity project didn't change the way Windows was developed or what it looks like. There are no guarantees that this new research effort will affect Windows' design any time soon. As Charon notes, Drawbridge currently supports only 14,000 Win32 APIs while Windows has more than 100,000 Win32 APIs.

However, the project does show that the Softies are continuing to look for ways to separate the user interface from the rest of the operating system, and to be able to make changes to the OS core that wouldn't negatively affect backward compatibility of applications. Microsoft researchers have continued to investigate ways to improve security by isolating the operating system from the browser with the ServiceOS research project (and one of the Microsoft Drawbridge researchers, Jon Howell, also worked on ServiceOS when it was known as "MashupOS").

Any OS experts out there have additional observations about Drawbridge and its possible significance?