An Englishman’s home is his castle

Channel 9 have recently published an interesting video interview with some of the creators of Drawbridge. Various researchers at Microsoft Research have been doing work revolved around software isolated processes. This time they have a scheme which allows software isolation, with its associated security benefits, together with a means to allow an application to start executing on one OS and then have it migrated across to another. The scheme they use allows cheap virtualization and persistence of a running application, and at some point in the interview they mention how one could consider starting an application on a desktop machine, transferring it on to a mobile device for a train journey and migrating onto the cloud when the application needs to do a lot of processing.

The associated paper, found here gives details of the work that they have done, and while it is a research paper, and hence not directly useful, the virtualisation exercise was carried out on a modern operating system (Windows 7) and the test applications that they have run include applications such as Excel and Notepad.

They reduce the traditional kernel down to a very small number of API calls, wrapping these calls in user mode code to simulate the traditional windows operating systems API. This kernel can be controlled using a security manager, and the smaller surface area makes it a lot easier to reason about the security of the application. In addition, the kernel API is stateless, which is what makes it possible to move the application from host to host. The isolated processes communicate using sockets, and they get rid of device drivers to the mouse and windowing system by using the RDP protocol for the communication. To get this process to work they have to use a per-process simulation of the registry and the COM running object table, so the scheme will not work for all applications without more work. However, it is interesting in the video to see a process running Excel being persisted and then restarted in a new session.

Microsoft are in a transition phase at the moment, with some of Win32 being migrated into the new WinRT layer, a layer which can run be implemented on other platforms than the traditional Wintel, so the work is timely.

For a general introduction to virtualization, this article is a good read.

This entry was posted in Computers and Internet. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s