Drawbridge is a research prototype of a new form of virtualization for application sandboxing. Drawbridge combines two core technologies: a picoprocess, which is a process-based isolation container with a minimal kernel API surface, and a library OS, which is a version of Windows enlightened to run efficiently within a picoprocess. Hardware-based Virtual Machines (VMs) have fundamentall
![Drawbridge - Microsoft Research](https://cdn-ak-scissors.b.st-hatena.com/image/square/bd774ec13875cc10be403936aa11ed70a761d13f/height=288;version=1;width=512/https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fresearch%2Fuploads%2Fprod%2F2016%2F02%2Fdrawbridge-library_os.png)