Cisco DX Series - Desktop Collaboration
Cisco DX Series - Desktop Collaboration
While working in the Collaboration Group at Cisco I worked on the “Cisco DX Series” desktop collaboration products. I was the lead developer and architect for the design and development of several software features for the Cisco DX series. These product use Android OS. As architect for the features, the various tasks were: a) Researching all architectural and security aspects for the feature, b) Interfacing with Product marketing, User-Experience teams and development engineering teams, and c) Defining tasks for developers in the team. Agile development methodology was followed for development of various features on the DX series platform.
Image Source: Cisco Website
As mentioned in the Cisco DX Series Website the main features of Collaboration Desktop devices are:
-
Business-Class HD Video
-
Integrated Colloboration with Android
-
Touch Screen
-
and Multi-user Login with Multi-layer security
I was the lead architect and developer for the multi-user feature. This feauture on the DX is built on Cisco Extension Mobilty feature[1]. Figure 1, below shows the main differences between Cisco DX series Multi-user and the Android Multi-user.
Figure 1: Cisco DX - Multi-user vs Android Multi-user
Cisco Multi-user Feature Architecture:
Figure 2, shows the Multi-user (MU) component architecture for the feature. The UI for Multi-user is implemented as an Android Activity and there is a background Android Service that is part of the Multi-user Service, that listens to the Broadcast receivers from other components shown. MU component itself sends out Broadcast notification about its state that various components use to take action.
Figure 2: Multi-user Component Architecture
Security Considerations:
As the Cisco DX Series is targeted towards enterprise customers - e.g: Banks, Hospitals etc., Security is a primary consideration and is built ground up into the DX series product. The
details of these are in the security white paper.
As the lead for multi-user, I investigated the Android multi-user framework from a security standpoint. The researchers in [2] list of many of the issues facing multi-user in Android. These are primarily centered around these areas:
-
Unprotected Activities
-
Unrestricted Administrative function
-
Use of Sensors and Hardware by multiple users
-
Shared Package information
Android multi-user is based on the fact that there is one “privileged” user and others
are either a ‘normal’ user or a ‘restricted’ user. That is, there is ‘owner’ of the device concept and that leads to issues listed above.
The multi-user implementation on Cisco DX series is built upon extension mobility and this feature is provisioned by the administrator. Further, there is file system level protection provided between users. The file system level protection is accomplished by maintaining a separate partition for each user and at device boot-up time, map the logged-in user to the ‘/data’ partition.
Using this mechanism a complete separation of user data and apps is accomplished, thereby addressing all the issues faced in a stock Android release.
References:
[1] Cisco Extension Mobility : http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/8_6_1/ccmfeat/fsgd-861-cm/fsem.html
[2] Paul Ratazzi,et al. A Systematic Security Evaluation of Android's Multi-User Framework. In Proceedings of the Mobile Security Technologies (MoST) workshop, May 16, 2014.
