Serialization is a process of converting an in-memory representation of an object into a corresponding byte stream. Deserialization is a process of converting a byte stream into the corresponding object. These two processes are commonly used when information is transferred between nodes on a network. For example, complex messages, such as complex Java application objects or sensitive data, need to be serialized prior to being sent across the network.
Serialization of data may be performed as a subtask of remote method invocation (RMI). This is a way for a programmer, using the Java programming language and development environment, to write object-oriented programming in which objects on different computers can interact in a distributed network. RMI is the Java version of what is generally known as a remote procedure call (RPC), but with the ability to pass one or more objects along with the request. Serialization of data may also be performed as a subtask of encoding an object for persistent data storage.
The object can include information that will change the service that is performed in the remote computer. This is referred to as “moving behavior.” For example, when a user at a remote computer fills out an expense account, the Java program interacting with the user could communicate, using RMI, with a Java program in another computer that always had the latest policy about expense reporting. In reply, that program would send back an object and associated method information that would enable the remote computer program to screen the user's expense account data in a way that was consistent with the latest policy. The user and the company both would save time by catching mistakes early. Whenever the company policy changed, it would require a change to a program in only one computer.
An RMI request is a request to invoke the method of a remote object. The request has the same syntax as a request to invoke an object method in the same (local) computer. In general, RMI is designed to preserve the object model and its advantages across a network.
Currently, an object or complex message may be serialized using a single homogenous serialization scheme, which may be applied to every single message element of the complex message.
The existing conventional homogenous solutions impose a common cost to all the individual message elements in a complex message even when particular message elements have different preferred over-the-wire encoding algorithms. High cost processing and unnecessary use of resources (such as processor cycles, memory, network bandwidth etc.) may be consumed to encode, encrypt or perform any of numerous serialization processing schemes to all of the message elements of a particular message. However, serialization schemes which encrypt each of the message elements of a particular message may be unnecessary when only one message element requires such a serialization scheme.
As illustrated below in TABLE 1, the conventional serialization schemes are applied without any consideration for the individual portions of the entire message (i.e., homogenous serialization),
TABLE 1public class CurrentSolution {public String smallString = “A shortString.”;public String bigString = buildBigString( );public String privateString =“This string should be encyrpted.”;public byte[ ] smallByteArray = new byte[10];public byte[ ] bigByteArray = new byte[10000];public static String buildBigString( ) {// Return a very large String, e.g.,// more than 10,000 characters.byte[ ] big = new byte[40000];String result = new String(big);return result;}public byte[ ] serialize(OutputStream os)throws IOException {byte[ ] encodedBuffer = new byte[2000];ObjectOutputStream oos =new ObjectOutputStream( os);oos.writeObject(smallString);oos.writeObject(bigString);oos.writeObject(encrypt( ));oos.writeObject(smallByteArray);oos.writeObject(bigByteArray);return encodedBuffer;}public byte[ ] encrypt( ) {byte[ ] result = new byte[3000];// Compute the encrypted Stringreturn result;}}
Conventional solutions of serialization are homogenously applied to the entire message such that the entire message is encoded under the same encoding mechanism that provides unnecessary encoding to portions of the message which are not sensitive. A more efficient serialization scheme would apply the encoding mechanism to only the portion(s) of the message that actually require the added protection of a particular encoding scheme. The other less sensitive portions of the message would be encoded according to a less stringent or simpler form of serialization.