top of page

FAQ! Need Help?

Kernel & Application Protector

  • What is CHESS?
    CHESS stands for Configurable Hardware Enforced Safety & Security. The CHESS platform developed by SecurWeave leverages virtualization extensions in the hardware and provides protection to systems from advanced threats of today. CHESS has two variants, CHESS-P and CHESS-E. CHESS-P is specifically designed for protection of systems from malware that has kernel mode attack vectors. CHESS-P is designed for protection of systems that host a single OS and does not have virtualized applications executing on the OS. CHESS-E targets emerging embedded systems where safe and secure coexistence of multiple Operating Systems are mandatory. Apart from the kernel mode protection features, CHESS-E also provides safety, mixed criticality and determinism.
  • Are you using any 3rd party commercial or open source hypervisor as part of your product?
    The hypervisor module in CHESS-P leverages hardware virtualization extensions in a unique way to provide security and safety to the system. The hypervisor is completely built from scratch by the SecurWeave team
  • What are the performance impacts?
    Performance micro benchmarking tests show drops of less than 0.01 percentage. Performance tests on applications show no deviations when compared to tests performed without CHESS. Performance test results are available on request.
  • Why is CHESS-P supporting only Linux today?
    We started with Linux as the government agencies we interacted with earlier were keen on Linux. As the hypervisor layer which is the key component of CHESS is OS independent, supporting Windows or any other Operating Systems can be done with not so significant effort. Windows support is definitely in our roadmap.
  • Will CHESS force the userto stick to a particulartype of hardware /chip forever?
    The new feature additions in the chip does not make existing features obsolete as all chip makers (specifically Intel) ensures backward compatibility when a new chip is introduced. Infact, currently our hypervisor without any changes works in the below list of processors. Intel Core i7-9700 Intel Core i7-7700 Intel Core i7-2600 Intel Core i5-7200U Intel Core i5-4200U Intel Core i5-3570 Intel Core i3-8145 Intel Core i3-4010
  • Which are the industry segments targeted by CHESS ?
    For CHESS-P we are looking at the embedded industry (SBCs), open switches, routers, gateways and desktop/servers that does not launch virtualized applications. Government Organisations Industrial Automation Aerospace & Defence Healthcare & Medical Devices Automotive Telecom BFSI CHESS-P is targeted for embedded systems that are part of below industry segments. Industrial IoT Automotive Avionics
  • What are the processors families that are supported?
    Today we have support for Intel x86 and RISC-V. ARM processor support is in progress.
  • Have you undertaken any threat modelling?
    We have used the standard microsoft threat modelling tools. Apart from that we have followed secured design and coding practices.
  • Are you following any particular standard (eg NIST)?
    We are not following a particular standard but enforcing secure practices in our design and implementation. We target to get EAL certified in the future and have had preliminary talks with common criteria labs (STQC) in Delhi.
  • Why can't this requirement be met with a secure boot application?
    Each component in the boot chain (from firmware till OS) has a role to play in secure boot and ensures that the boot time components are safe. Our significant play is beyond the boot ie run time to protect the system from kernel mode attacks that can happen during the run time of the system.
  • What about user space protection ?
    Architecture of CHESS makes it possible for integrating with any 3rd party user space protection software seamlessly. For restrictive environments, we can provide certain levels of user space protection features such as hypervisor enforced application whitelisting etc without any 3rd party dependencies.
  • Have you installed the product anywhere?
    CHESS-P for x86 is currently deployed in IITM Rise Labs on Intel servers and these installations are used for malware testing as well as in 5G test beds. We have been working with IITM to enable CHESS-P support for the Shakti family of microprocessors, which is the nation's first indigenous RISC-V based SoC.
  • How do you test the product against APTs?
    We use openly available advanced malware samples as well as custom developed ones.
bottom of page