MicroStream Serializer

The better serialization for Java.
At last secure serialization. Ultra-fast. Super easy to use.
Solves the biggest security issue of Java.

What's the problem with Java serialization of today?

Java serialization is totally insecure and a high security risk.



Serialization:

An object is converted into a binary data stream that is sent to a receiver.

[Diagram: sender → binary data stream → receiver]
De-Serialization:

The receiver acquires the data stream and creates an object again.


High security risk

  • Data and code are transferred together
  • Any transferred code is executed automatically
    through de-serialization
  • Creating and injecting malicious code is scarily easy
  • Only limited protection by black- & white-listing
  • Serialization is used almost everywhere
  • Most of our dependencies are risky as well
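
The "executed automatically" and "limited protection by black- & white-listing" points above, as an added example (not MicroStream code and not from the original page): a class's `readObject` hook runs during `java.io` deserialization, and a JEP 290 `ObjectInputFilter` allow-list rejects the unexpected class before that hook runs. `DeserializationFilterDemo`, `Noisy` and `Customer` are constructed names; `setObjectInputFilter` requires Java 9 or later.

```java
import java.io.*;
public class DeserializationFilterDemo {
    // Constructed class: its readObject hook runs during deserialization,
    // before the caller ever sees (or casts) the resulting object.
    static class Noisy implements Serializable {
        static boolean hookRan = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            hookRan = true; // stands in for any side effect of a class on the classpath
        }
    }

    // Constructed class: the only application type the receiver expects.
    static class Customer implements Serializable {
        final String name;
        Customer(String name) { this.name = name; }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] data, ObjectInputFilter filter) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            if (filter != null) in.setObjectInputFilter(filter); // available since Java 9
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] unexpected = serialize(new Noisy());
        // 1) No filter: the stream names the class to instantiate, and its hook runs.
        deserialize(unexpected, null);
        System.out.println("unfiltered: hook ran = " + Noisy.hookRan);
        // 2) Allow-list: Customer plus java.base classes; "!*" rejects everything else.
        Noisy.hookRan = false;
        ObjectInputFilter allow = ObjectInputFilter.Config.createFilter(
            Customer.class.getName() + ";java.base/*;!*");
        try {
            deserialize(unexpected, allow);
        } catch (InvalidClassException e) {
            System.out.println("filtered: rejected, hook ran = " + Noisy.hookRan);
        }
        Customer c = (Customer) deserialize(serialize(new Customer("John Doe")), allow);
        System.out.println("filtered: accepted " + c.name);
    }
}
```

The filter decides only which classes may be instantiated; the deserialization logic of every allowed class still runs, so the allow-list should be as narrow as the protocol permits.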

Limitations

  • All used objects must implement
    the interface java.io.Serializable
  • It's not possible to serialize objects from third-party
    APIs that haven't implemented that interface
  • The object-graph is not kept synchronized

Serialization was a horrible mistake.
Half of all Java vulnerabilities are linked to the current serialization.

Mark Reinhold

Chief Architect of the Java Platform at Oracle

What about XML & JSON?

XML & JSON are flat data structures that break your Java object-graph

  • Unsuited data structures break your object-references
  • Redundant data is often transferred
  • Unnecessary overhead
  • Loss of performance by parsing XML/JSON strings
  • Very slow with larger amounts of data



MicroStream
Why MicroStream Serializer?

MicroStream is the very first bullet-proof serialization for Java


At last Secure Serialization

  • No code is transferred, data only
  • No code is executed through de-serialization
  • Injecting malicious code is impossible
  • Solves the biggest security issue of Java

No Limitations

  • Any object can be serialized
  • No annotations needed
  • No special interface needed
  • No special superclass needed
  • Any object from third-party APIs can be serialized

Super easy to use

  • Pure Java
  • Download via Maven
  • Use your classes as they are
  • Easy migration



MicroStream solves
the biggest security issue of Java ever!




MicroStream Architecture

MicroStream Serializer enables communication between object-graphs


MicroStream Serialization Architecture

MicroStream allows you to transfer any Java object-graph.
No code is transferred, data only. No code is executed by de-serialization.
Thus, injecting malicious code is impossible.




Some Code

MicroStream serialization is super easy to use ...


Hello World!

This simple showcase uses the default implementation running on localhost. After connecting to the host, the client sends a "Hello World!" string, which the host sends back to the client as an echo.


Host:

    // MicroStream Default Configuration Localhost (can be changed)
    ComBinary.runHost();

Client:

    // MicroStream Default Configuration Localhost (can be changed)
    ComChannel com = ComBinary.connect();
    System.out.println("Server reply: " + com.request("Hello World!"));


Sending any object

After connecting to the host, the client sends a tiny customer object to the host. After receiving the object the host sends a welcome message back to the client.

Host:

    // set up the host instance for a custom address and business logic
    final ComHost<?> host = ComBinary.Foundation()
        .setHostBindingAddress(new InetSocketAddress("www.myAddress.com", 1337))
        .registerEntityTypes(Customer.class)
        .setHostChannelAcceptor(hostChannel ->
        {
            // sessionless / stateless greeting service
            final Customer customer = (Customer)hostChannel.receive();
            hostChannel.send("Welcome, " + customer.name());
            hostChannel.close();
        })
        .createHost();

    // run the host so that it listens for incoming connections
    host.run();

Client:

    // setup a client instance for a custom address
    final ComClient<?> client = ComBinary.Foundation()
       .setClientTargetAddress(new InetSocketAddress("www.myAddress.com", 1337))
       .createClient();

    // create a channel by connecting the client
    final ComChannel channel = client.connect();

    // send an object graph (customer and its name) through the channel and print the response
    System.out.println("Server reply: " + channel.request(new Customer("John Doe")));


Super easy to replace
Make your Java secure starting today!

With MicroStream serialization you can run not only your own code securely, but your dependencies as well. MicroStream can easily replace the default serialization of many frameworks.



Store your data with MicroStream!

MicroStream is also the very first Native Java Data Store.


MicroStream

Native Java Data Store.
Create ultra-fast Java in-memory
database apps.

With MicroStream you can also store data. However, MicroStream is not a dumb blob store. MicroStream allows you to store and load single entities. The persistent data can be updated partially, as database management systems do. MicroStream enables you to develop ultra-fast pure Java in-memory database applications for next-generation use cases.

Native Java Data-Store


MicroStream

Next Generation Serialization for Java and Native Java Data Store for developing ultra-fast Java in-memory database applications
