Monday, October 17, 2011
Quite by accident, I stumbled into Mary Jo Foley's article that mentioned the Microsoft Research project Drawbridge, and a Channel 9 video on it.
From the Channel 9 description:
Drawbridge is a research prototype of a new form of virtualization for application sandboxing. Drawbridge combines two core technologies: First, a picoprocess, which is a process-based isolation container with a minimal kernel API surface. Second, a library OS, which is a version of Windows enlightened to run efficiently within a picoprocess. Drawbridge combines two ideas from the literature, the picoprocess and the library OS, to provide a new form of computing, which retains the benefits of secure isolation, persistent compatibility, and execution continuity, but with drastically lower resource overheads.

Some time ago, there was an idea of each application having its own virtual machine space to run in, and it looks like this is another step toward that goal. Not sure it will make it into Windows 8, but it would not surprise me to see this as part of Windows 9. The drastically reduced overhead makes me wonder whether they can get this to run on an ARM processor, or on a phone.

In the video, they indicate that they performed an experiment of running 25 Windows 2008 R2 web servers on a 16GB machine, and then, when they switched the web servers to use the Drawbridge approach, they were getting "north" of 270 on the same hardware; of course, these would have to be very lightly used web sites.

By refactoring the API layers into other modes (pulling Win32k.dll into a user-mode layer, plus a user-mode version, NTUM, that communicates through a new "Security Monitor" exposing only 35 functions to NTOSKRNL), they reduced the footprint of what is needed, and this could be getting small enough to run on a phone.

The Win32K layer, which expects a keyboard, mouse, and clipboard, ends up communicating with a version of the Remote Desktop Server process (on the same machine) that emulates communicating over a network, all within processes and all isolated like a virtual machine. In fact, using the GUI requires an RDP connection to the instance that Drawbridge sets up.

Because this is all running stateless, it can save the state of the Drawbridge application, compressed, send the application to another machine, and rehydrate the application state from any machine that can get to the cloud, thanks to the sandbox around the application.
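To make the two security-relevant ideas above concrete (a monitor that exposes only a tiny, fixed set of calls to the isolated process, and an instance whose state can be frozen, compressed, and rehydrated elsewhere), here is an added toy illustration in Python. It is not Drawbridge code and not Microsoft's ABI; the `SecurityMonitor`, `LibraryOS`, the four-call ABI, and the file paths are all hypothetical. The point it shows is that anything outside the allowed surface is refused before it runs, that every path the guest names is confined to its private root, and that the in-memory state survives a move to a second monitor.

```python
import json
import os
import tempfile
import zlib


class SecurityMonitor:
    """Hypothetical stand-in for a Drawbridge-style security monitor (illustration only).

    The guest sees a small, fixed ABI instead of the whole kernel call surface;
    here that ABI is four names. Anything else is refused, and every path the
    guest names is confined to this instance's private root directory.
    """

    ABI = ("read_file", "write_file", "snapshot", "restore")

    def __init__(self, root):
        self.root = os.path.realpath(root)

    def dispatch(self, name, *args):
        """Single entry point: reject calls outside the ABI before they run."""
        if name not in self.ABI:
            raise PermissionError(f"'{name}' is not in the monitor ABI")
        return getattr(self, name)(*args)

    def _confine(self, guest_path):
        # Resolve '..' and symlinks first, then check the result is still under root.
        full = os.path.realpath(os.path.join(self.root, guest_path.lstrip("/\\")))
        if os.path.commonpath([full, self.root]) != self.root:
            raise PermissionError(f"'{guest_path}' escapes the picoprocess root")
        return full

    def write_file(self, guest_path, data):
        full = self._confine(guest_path)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
        return len(data)

    def read_file(self, guest_path):
        with open(self._confine(guest_path), "rb") as fh:
            return fh.read()

    def snapshot(self, state):
        """Serialize the guest's in-memory state and compress it for transport."""
        return zlib.compress(json.dumps(state).encode("utf-8"))

    def restore(self, blob):
        return json.loads(zlib.decompress(blob).decode("utf-8"))


class LibraryOS:
    """Toy in-process OS: owns the app's state and talks only through the monitor."""

    def __init__(self, monitor, state=None):
        self.monitor = monitor
        self.state = state if state is not None else {"hits": 0}

    def serve_request(self):
        self.state["hits"] += 1
        self.monitor.dispatch("write_file", "app/hits.log", b"hits=%d" % self.state["hits"])
        return self.state["hits"]

    def freeze(self):
        return self.monitor.dispatch("snapshot", self.state)


def demo_blocked_call():
    """A call outside the ABI never reaches any kernel-side code."""
    mon = SecurityMonitor(tempfile.mkdtemp())
    try:
        mon.dispatch("create_remote_thread", 1234)  # hypothetical unsupported call
    except PermissionError:
        return True
    return False


def demo_confinement():
    """A traversal path is refused even though file writes themselves are allowed."""
    mon = SecurityMonitor(tempfile.mkdtemp())
    try:
        mon.dispatch("write_file", "../../outside.txt", b"x")
    except PermissionError:
        return True
    return False


def demo_migration():
    """Freeze a running instance, move the blob to a second root, and resume there.

    Only in-memory state travels in this toy; files stay with the original root.
    """
    host_a = LibraryOS(SecurityMonitor(tempfile.mkdtemp()))
    host_a.serve_request()
    host_a.serve_request()
    blob = host_a.freeze()

    mon_b = SecurityMonitor(tempfile.mkdtemp())
    host_b = LibraryOS(mon_b, mon_b.dispatch("restore", blob))
    hits = host_b.serve_request()
    return hits, mon_b.dispatch("read_file", "app/hits.log")


if __name__ == "__main__":
    print(demo_blocked_call(), demo_confinement(), demo_migration())
```

The confinement check resolves the path before comparing it with the root, which is the order that matters: comparing the raw string would let `..` or a symlink slip through. The snapshot carries JSON rather than a pickled object so that a blob arriving from another machine cannot execute code when it is rehydrated.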

It also reduces the threat surface, so it is a very strong security play as well.

It is very much a prototype from a small team, and there is a good deal of work left to get it working with GPU processing (e.g. it is not working with IE9 right now). But it is a very promising direction that I expect to hear more about, hopefully before Windows 10. :)


Monday, October 17, 2011 8:25:01 PM (Eastern Standard Time, UTC-05:00)