Linked by Dan Massameno on Wed 4th May 2011 21:28 UTC
Microsoft Microsoft has released new details on an experimental operating system concept named Drawbridge. In early March Microsoft researchers presented a paper entitled Rethinking the Library OS from the Top Down. The paper describes a new interaction between a user-level application and its OS. The paper can be found at the ACM Digital Library [frustratingly, we can't redistribute the article since it's behind a paywall, like too much of the scientific world]. It describes an ambitious plan to separate the traditional API parts of an OS from the underlying kernel of the OS. But a full analysis requires some background.
Thread beginning with comment 472013
To view parent comment, click here.
To read all comments associated with this story, please click here.
Patching will hopefully not be that bad.
by danmassa7 on Fri 6th May 2011 11:35 UTC in reply to "MinWin"
danmassa7
Member since:
2008-07-22

You’re totally right. Having a subset of the OS packaged into the application means with 50 Drawbridge applications installed on one system you would have to potentially patch 50 OS sub-systems. Nightmare.
Thankfully, it probably will not be that bad.

1. Vulnerabilities exposed in an app should not be reachable if the app is not running. The attack surface is limited to those apps that are actually executing.

2. Patching all those Win32 subsystems will hopefully be automated with tools.

3. If a particular app doesn’t need 98% of the OS subsystem, those unused parts could be pruned off prior to distributing it to the end-users. Would this be something the developer could do or would it take a team of engineers familiar with the underlying guts of the OS to pull off? I don’t know. Hopefully the former (with automated tools).

4. Remember, this is only a stopgap solution. The real goal is to roll out an entirely new OS that is MUCH more secure (among other tangible benefits, I’m sure). Drawbridge could then be used to supply backward compatibility during a transition period (i.e. 20 years). During that time, our core OS would be much more secure but our Drawbridge apps would be no better off, but no worse off.

Edited 2011-05-06 11:37 UTC

Reply Parent Score: 2