Kernel & Application Protector
Frequently asked questions
CHESS stands for Configurable Hardware Enforced Safety & Security. The CHESS platform, developed by SecurWeave, leverages the hardware's virtualization extensions to protect systems from today's advanced threats. CHESS has two variants, CHESS-P and CHESS-E.
CHESS-P is specifically designed to protect systems from malware that has kernel-mode attack vectors. CHESS-P is designed for systems that host a single OS and do not have virtualized applications executing on the OS.
CHESS-E targets emerging embedded systems where safe and secure coexistence of multiple operating systems is mandatory. Apart from the kernel-mode protection features, CHESS-E also provides safety, mixed criticality and determinism.
The hypervisor module in CHESS-P leverages hardware virtualization extensions in a unique way to provide security and safety to the system. The hypervisor was built completely from scratch by the SecurWeave team.
Performance micro-benchmarking tests show drops of less than 0.01 percent. Performance tests on applications show no deviations when compared to tests performed without CHESS. Performance test results are available on request.
We started with Linux, as the government agencies we interacted with earlier were keen on Linux. As the hypervisor layer, which is the key component of CHESS, is OS independent, support for Windows or any other operating system can be added without significant effort. Windows support is definitely on our roadmap.
New feature additions in a chip do not make existing features obsolete, as all chip makers (specifically Intel) ensure backward compatibility when a new chip is introduced. In fact, our hypervisor currently works without any changes on the processors listed below.
Intel Core i7-9700
Intel Core i7-7700
Intel Core i7-2600
Intel Core i5-7200U
Intel Core i5-4200U
Intel Core i5-3570
Intel Core i3-8145
Intel Core i3-4010
For CHESS-P we are looking at the embedded industry (SBCs), open switches, routers, gateways and desktops/servers that do not launch virtualized applications.
Government Organisations
Industrial Automation
Aerospace & Defence
Healthcare & Medical Devices
Automotive
Telecom
BFSI
CHESS-P is targeted at embedded systems that are part of the industry segments below.
Industrial IoT
Automotive
Avionics
Today we have support for Intel x86 and RISC-V. ARM processor support is in progress.
We have used the standard Microsoft threat modelling tools. Apart from that, we have followed secure design and coding practices.
We are not following a particular standard, but we enforce secure practices in our design and implementation. We aim to obtain EAL certification in the future and have had preliminary talks with Common Criteria labs (STQC) in Delhi.
Each component in the boot chain (from firmware to OS) has a role to play in secure boot and ensures that the boot-time components are safe. Our main contribution is beyond boot, i.e. at run time: protecting the system from kernel-mode attacks that can happen while the system is running.
The architecture of CHESS makes it possible to integrate seamlessly with any third-party user-space protection software. For restrictive environments, we can provide certain levels of user-space protection features, such as hypervisor-enforced application whitelisting, without any third-party dependencies.
CHESS-P for x86 is currently deployed in IITM Rise Labs on Intel servers and these installations are used for malware testing as well as in 5G test beds. We have been working with IITM to enable CHESS-P support for the Shakti family of microprocessors, which is the nation's first indigenous RISC-V based SoC.
We use openly available advanced malware samples as well as custom-developed ones.