OSDev.org

I don't know if anyone's seen this before, but I just ran into another interesting project from Microsoft Research. Called Drawbridge, they refactored Windows itself into an exokernel-like architecture that is capable of running (at least) Office apps, Internet Explorer, and IIS. Their motivation was to get the isolation and forward/backward compatibility of VMs without the extra performance cost, similar to Docker/LXC but with a different implementation strategy.

http://research.microsoft.com/en-us/pro ... rawbridge/
http://research.microsoft.com/apps/pubs ... ?id=141071

It seems they implemented a micro-kernel approach. There is WindowsNT kernel accompanied by some drivers and wrapped with a security monitor:


The compatibility here (possibly) is implemented as a standard Windows API, but with an interceptor in between in form of the security monitor. The same can be said about isolation.

It is still not clear how they solved security issues with the code which is run in OS process address space.

And one more question - why they just forgot about their .NET runtime? Where is the compatibility with the tons of the .NET code? It seems they try to make "a better Windows", but it is still the Windows and nothing else.

It's not really a typical microkernel- they didn't really try to minimize the kernel itself, and they didn't isolate system services from each other or their client processes. Instead, they moved large chunks of the kernel into a library that gets linked with each application. There's no interceptor, the apps just call the library directly (without recompilation, because windows apps already call into a dll to make system calls). That way, bugs in the library OS only take down the particular app that triggers them, rather than the whole kernel (as in a monolithic architecture) or the service (as in a microkernel).

They also did include .NET in their library OS, as well as DirectX.

At least the picture above looks like microkernel and some system services. Are the services isolated or not is hidden somewhere within the http://www.microsoft.com.

What is a difference between "moving large chunks of the kernel" and "use the same kernel"? Is there any separation of components or some refactoring performed? Or it means just extraction of system services from monolithic kernel? If the last is true then now it is not a monolithic kernel, or it is?

But if as you have said there is no isolation - why the bug takes down just a particular application instead of the whole kernel?

I hope they manged to make some refactoring and to introduce some componentization (isolation). But I haven't studied the OS in depth.