Microsoft Drawbridge: OS Modularity

Microsoft has released new details on an experimental operating system concept named Drawbridge. In early March Microsoft researchers presented a paper entitled Rethinking the Library OS from the Top Down. The paper describes a new interaction between a user-level application and its OS. The paper can be found at the ACM Digital Library [frustratingly, we can’t redistribute the article since it’s behind a paywall, like too much of the scientific world]. It describes an ambitious plan to separate the traditional API parts of an OS from the underlying kernel of the OS. But a full analysis requires some background.

In 2007 Eric Traut, a developer at Microsoft, revealed a new kernel under development called MinWin. This new kernel was the same NT kernel that had been around since Windows NT 3.1, but it was refactored to be a more modular, smaller kernel. The result was a kernel that had a memory footprint of about 33 MB that could be used to build future versions of Windows. MinWin went on to be used in Windows 7 and Windows Server 2008.

Many people were wondering if MinWin would be released as a separate product. In the past, Microsoft has taken the “Monolithic” part of the monolithic operating system to its extremes. If there were a tight, lightweight kernel underneath all that bloat it would represent some exciting possibilities. What everyone was forgetting is MinWin did not represent the creation of one thing but three. MinWin was at the bottom, the top was all the Win32 “guts” applications used to access the OS, but the interface between MinWin and the Win32 API was a triumph in and of itself. MinWin could be replaced by more advanced technology, but as long as the interface stayed the same the upper layers would continue to function correctly.

Fast forward to Drawbridge and we find that Microsoft has taken advantage of this modularity. Drawbridge can take a user application, for instance Excel 2010, and then package it with the parts of Windows 7 that directly interact with that application. Drawbridge then creates a package with these two elements and calls it a library OS. The library OS uses a highly simplified Application Binary Interface (ABI) to interact with the underlying OS. There are over 100,000 API functions within Windows 7. These are all consolidated into a black-box that is merged into the Excel process making one modular package. Currently this works for Windows 7 applications (or apps that can be run on Windows 7.

Drawbridge Advantages

There are a number of immediate advantages to packaging parts of the OS into the application. The Windows registry can be virtualized into a private store for the one particular app. Although not mentioned, one side effect of registry virtualization should be when the app is removed it should clear out all application settings. So there would no longer be anything left behind.
Because much of the state of the OS is contained within the package, the app could more easily be migrated from one running machine to another. The app is paused and a snapshot of its memory is taken to migrate it to another machine. This snapshot can be as little as a few megabytes. In contrast, a snapshot of a full-blown OS guest partition under Hyper-V or VMware is many times larger.

The Drawbridge paper details a number of security advantages as well. With the OS API virtualized into each application package, it’s harder for one app to compromise the configuration of another app. The need to apply security patches is also greatly reduced; a library OS package is not a fully blown OS, therefore, its attack surface is greatly reduced so there are fewer vulnerabilities.


But what is the underlying OS that runs this package? The Drawbridge paper details their work with no less than five operating systems that have been redesigned to run Drawbridge packages:

  • Windows 7. For those who think running a Windows 7 application on Windows 7 is not all that groundbreaking, remember Microsoft is trying to demonstrate portability across multiple operating systems. What better place to start than with your current desktop operating system. Remember also all the other benefits of a Drawbridge package.
  • Windows Server 2008 R2. Similar to Windows 7, the server platform must be supported to provide for a smooth transition.
  • Windows 8. The Drawbridge paper doesn’t call it “Windows 8”, they simply name it the “pre-release of the next version of Windows”. No surprise here as it can be assumed Windows 8 will be at least as capable as Windows 7.
  • MinWin. Here’s where it gets interesting. If most of the OS functionality is packaged into the application, why deploy onto a full version of Windows 7? MinWin fits the bill quite nicely and fulfills the promise of a lighter, more agile Windows operating system.
  • Hyper-V. The Drawbridge package runs at Ring 0 while the hypervisor continues to run at Ring -1. This might be useful for virtualizing user applications while imposing less overhead than a traditional guest partition with a full OS.
  • Barrelfish. A separate team of researchers have started, but not finished, an implementation of Drawbridge on Barrelfish. This is a research OS under development. It was started from scratch to explore operating system concepts for scaling across hundreds of CPU cores. Barrelfish is some awesome technology that rethinks many OS concepts from scratch. If it could be modified to run Drawbridge apps it would gain a huge library of existing software. Drawbridge could help a research OS like Barrelfish come to market more quickly.

Speculation on Future Work

Although Microsoft could port non-Windows 7 applications to the Drawbridge platform, it seems unlikely they would expend such efforts. How many apps run fine on Vista but not Windows 7? Very few fall into this category. A more likely target would be Windows XP, but Microsoft has expressed little interest in supporting an OS whose support officially ended in 2010.

Microsoft could port applications from other OSs to run on a Drawbridge platform. The design is modular; the interface has a fixed application binary interface (ABI) where the app interacts with the OS. An emulation layer converts all the native operations, e.g. accessing memory, disk, network, etc., to a fixed language that can then call the underlying operating system.

Future endeavors will likely be directed towards keeping Windows 7 as the application framework and instead completely ripping out the guts underneath. We already see these efforts with MinWin and Hyper-V. In the extreme, these efforts lead to platforms like Barrelfish, where the OS and kernel are completely legacy-free.

One of the co-authors on the Drawbridge paper is Galen Hunt, who is one of the primary researchers on the Singularity project. Singularity is a complete reexamination of the OS paradigm. It was written as a memory-safe and type-safe OS and has zero backwards compatibility with any existing software or drivers. If it could run existing user software using a facility similar to Drawbridge it could bring Singularity out of academia and into production. Midori is a rumored incubation project that is based on Singularity. Its Achilles heal has been its lack of support for the existing base of software in the world. Drawbridge could bridge this gap.

Microsoft’s Future

Back in the late 80’s Microsoft had a problem. Applications, drivers and utilities needed access to more memory than 640kB. The industry was starting a painful transition to 32-bit operating systems and Microsoft was behind the competition. Competitors like OS/2 were positioned to eat Microsoft’s lunch. Through Windows for Workgroups 3.11 and Windows 95 Microsoft was able to catch up and offer a 32-bit platform with backward compatibility with existing MS-DOS and Windows application. That hat-trick cemented Microsoft’s dominance in desktop computing for twenty years.

Microsoft now faces a different problem. The industry’s transition to 64-bit is nearly complete and with much less pain than its 32-bit transition. The problems now stem from more fundamental OS concepts. The monolithic nature of Windows manifests itself mostly in its security, or lack thereof. New security patches are exactly that, patches onto a giant system that is proving itself increasingly fragile. The underlying problem is the lack of modularity in its core and the inability of Windows to evolve. Many foundational OS concepts cannot be changed because they would break compatibility; hence the need for more patches. If Drawbridge enables rapid innovation in the core of the OS, Microsoft may be able to dodge its fate a second time.


  1. 2011-05-04 10:20 pm
    • 2011-05-05 5:42 am
    • 2011-05-06 1:20 pm
  2. 2011-05-04 10:30 pm
    • 2011-05-05 2:51 am
  3. 2011-05-04 11:57 pm
  4. 2011-05-05 12:06 am
  5. 2011-05-05 12:07 am
  6. 2011-05-05 12:19 am
    • 2011-05-05 3:18 am
    • 2011-05-06 11:35 am
  7. 2011-05-05 5:12 am
    • 2011-05-05 8:40 am
  8. 2011-05-05 7:42 am
  9. 2011-05-05 8:19 am
    • 2011-05-05 5:26 pm
  10. 2011-05-05 8:47 am
    • 2011-05-05 8:40 pm
  11. 2011-05-05 9:26 am
    • 2011-05-05 10:38 am
    • 2011-05-05 2:57 pm
  12. 2011-05-05 12:23 pm
  13. 2011-05-05 2:21 pm
  14. 2011-05-05 8:09 pm
  15. 2011-05-06 3:07 am
  16. 2011-05-06 12:59 pm
    • 2011-05-06 4:05 pm
      • 2011-05-06 9:50 pm
        • 2011-05-06 11:17 pm
          • 2011-05-06 11:26 pm
          • 2011-05-06 11:28 pm