This Microsoft research project aims to support three important properties of virtual computing: secure isolation, so that certain applications are isolated in order to protect others; persistent compatibility, meaning that development of the host system should never hinder the performance of its applications; and execution continuity, meaning that applications should not be tied to the host system on which they were launched and can be moved from computer to computer, in time and space, within a single execution. Despite the significant advantages of virtualization, virtual machines waste a lot of resources in terms of disk space, memory, processor cycles and administration. Drawbridge is meant to combine two theoretical ideas of system architecture, the picoprocess and the library operating system, to deliver the advantages of virtualization while reducing resource consumption. A picoprocess is a lightweight, secure isolation container built from an address space within the operating system, but without the traditional operating system services. The application binary interface (ABI) between the code that runs in the picoprocess and the operating system follows the design patterns of hardware virtual machines, and consists of a closed set of five calls with fixed semantics, provided through a so-called stateless interface.
All ABI requests are serviced by the security monitor, which plays the role of the hypervisor or VM monitor in the traditional hardware virtual machine design. Although the Drawbridge picoprocess interface follows the hardware virtual machine model, it uses high-level abstractions (threads, private virtual memory and I/O streams) instead of the hardware abstractions of processors, MMUs and device registers. The Drawbridge abstractions enable an efficient implementation of operating system code within the picoprocess and better allocation of resources. The library operating system (library OS) runs as a set of libraries within the context of the application, which enables scalability and better virtualization of applications. Although Drawbridge can run many library operating systems, its main advantage is a version of Windows tailored to run within a Drawbridge picoprocess. The Drawbridge library OS consists of a user-mode Windows NT kernel (NTUM), which runs within the picoprocess, and the Win32 subsystem. NTUM provides, in user mode, the same NT kernel API as the traditional NT kernel that runs directly on hardware or in a hardware VM, but it is significantly smaller because of the high level of abstraction that the Drawbridge ABI provides. In this way Drawbridge can run many DLLs and services from the classic version of Windows, along with Windows applications, without any modification.
From the Drawbridge paper:
Each instance has significantly lower overhead than a full VM bundled with an application: a typical application adds just 16MB of working set and 64MB of disk footprint. We contribute a new ABI (application binary interface) below the library OS that enables application mobility. We also show that our library OS can address many of the current uses of hardware virtual machines at a fraction of the overheads.
In the video above, Drawbridge research team members Galen Hunt, Reuben Olinsky and Jon Howell dig into some of the details of the Drawbridge research project, including the project rationale and OS architecture.