Next Generation Java Serialization

High-secure. Injecting malicious code is impossible. Solves the biggest security issue of Java.
No limitations. Any object can be serialized. Transferring deltas only is possible.
Makes elegant object-graph communication possible.

Coming soon!

What's the problem with Java serialization of today?

Java serialization is insecure and a high-security risk.



Serialization:

An object is converted into a binary data stream that is sent to a receiver.

Binary data stream
SENDER RECIVER
De-Serialization:

The receiver acquires the data stream and creates an object again.


High-security risk

  • All serializable classes in the classpath are serialized
    automatically through deserialization
  • Creating and injecting malicious code is scarily easy
  • Only limited protection by black- & white-listing
  • Serialization is used almost everywhere
  • Most of our dependencies are risky as well

Strong limitations

  • All used objects must implement
    the interface java.io.Serializable
  • Objects from 3rd party APIs that haven't
    implemented that interface can't be serialized
  • Keeping your object graph synchronous is not suited

Serialization was a horrible mistake.
Half of all Java vulnerabilities are linked to the current serialization.

Mark Reinhold

Chief Architect of the Java Platform at Oracle

What's about XML & JSON?

XML & JSON data structure break your Java object graph.

  • Unsuited data structure for complex object graphs
  • XML & JSON brake your object references
  • Redundancies in case of circular references
  • Unnecessary overhead
  • Loss of performance by parsing XML/JSON strings
  • Very slow in case of a larger amount of data



MicroStream
Why MicroStream Serialization & Communication?

MicroStream is the very first bulletproof serialization for Java


Bullet-proof Serialization

  • Data only serialization
  • Execution classes automatically
    through deserialization is impossible
  • Injecting malicious code is impossible
  • Solves the biggest security issue of Java

Ultra-fast

  • Highly optimized native byte format
  • No unnecessary overhead by strings
  • Redundance-free data transfer

No Limitations

  • Any object can be serialized
  • No annotations needed
  • No special interface needed
  • No special superclass needed
  • Any object from third-party APIs can be serialized

Super easy to use

  • Pure Java
  • No dependencies
  • Download via Maven
  • No internal configuration needed
  • Use your classes as they are
  • Easy migration



MicroStream solves
the biggest security issue of Java ever!




MicroStream Communication

MicroStream Serialization additionally enables object graph communication


MicroStream Serialization Architecture

MicroStream allows us to transfer and update any Java object graph.
No classes are executed through deserialization automatically.
Injecting malicious code is impossible.




Some Code

MicroStream serialization is super easy to use ...


Hello World!

This simple show-case uses the default implementation running on localhost. After connecting to the host, the client sends a "Hello World!" string to the host, which is sent back to the client as an echo by the host.


Host:

    // MicroStream Default Configuration Localhost (can be changed)
    ComBinary.runHost();

Client:

    // MicroStream Default Configuration Localhost (can be changed)
    ComChannel com = ComBinary.connect();
    System.out.println("Server reply: " + com.request("Hello World!"));


Sending any object

After connecting to the host, the client sends a tiny customer object to the host. After receiving the object the host sends a welcome message back to the client.

Host:

    // setup the host instance for a custom address and business logic
    final ComHost<?> host = ComBinary.Foundation()
        .setHostBindingAddress(new InetSocketAddress("www.myAddress.com", 1337))
        .registerEntityTypes(Customer.class)
        .setHostChannelAcceptor(hostChannel ->
        {
        // sessionless / stateless greeting service
           final Customer customer = (Customer)hostChannel.receive();
           hostChannel.send("Welcome, " + customer.name());
           hostChannel.close();
        })
        .createHost();

Client:

    // setup a client instance for a custom address
    final ComClient<?> client = ComBinary.Foundation()
       .setClientTargetAddress(new InetSocketAddress("www.myAddress.com", 1337))
       .createClient();

    // create a channel by connecting the client
    final ComChannel channel = client.connect();

    // send an object graph (customer and its name) through the channel and print the response
    System.out.println("Server reply: " + channel.request(new Customer("John Doe")));


Super easy to replace
Make your Java secure starting today!

With MicroStream serialization, you can run your code more secure than ever before.
MicroStream can easily replace the default serialization of many frameworks.



Store your data with MicroStream!

MicroStream

Java-Native Persistence.
Create ultra-fast Java in-memory
database apps.

With MicroStream you can also store data. However, MicroStream is not a dumpy blob store. MicroStream allows you to store and load single entities. The persistent data can be specifically updated partially like database management systems do. MicroStream enables you to develop ultra-fast pure Java in-memory database applications for the next generation use-cases.

Java-Native Persistence


MicroStream

Next Generation Serialization for Java and Java-Native Persistence for developing ultra-fast Java in-memory database applications

Contact us