中文摘要：

首先给出了访问驱动Cache计时攻击的模型，提出了该模型下直接分析、排除分析两种通用的AES加密泄漏Cache信息分析方法；然后建立了AES加密Cache信息泄露模型，并在此基础上对排除分析攻击所需样本量进行了定量分析，给出了攻击中可能遇到问题的解决方案：最后结合OpenSSL v．0．9．8a，v0．9．sj中两种典型的AES实现在Windows环境下进行了本地和远程攻击共12个实验．实验结果表明，访问驱动Cache计时攻击在本地和远程均具有良好的可行性；AES查找表和Cache结构本身决定了AES易遭受访问驱动Cache计时攻击威胁，攻击最小样本量仅为13；去除五表的OpenSSLv．0．9．sj中AES最后一轮实现并不能防御该攻击：实验结果多次验证了AES加密Cache信息泄露和密钥分析理论的正确性．

英文摘要：

Firstly, this paper displays an access driven Cache timing attack model, proposes non-elimination and elimination two general methods to analyze Cache information leakage during AES encryption, and builds the Cache information leakage model. Next, it uses quantitative analysis to attack a sample with the above elimination analysis method, and provides some solutions for the potential problems of a real attack. Finally, this paper describes 12 local and remote attacks on AES in OpenSSL v.0.9.Sa, v.0.9.8j. Experiment results demonstrate that： the access driven Cache timing attack has strong applicability in both local and remote environments; the AES lookup table and Cache structure decide that AES is vulnerable to this type of attack, the least sample size required to recover a full AES key is about 13; the last round AES implementation in OpenSSL v.0.9.8j, which abandoned the T4 lookup table, cannot secure itself from the access driven Cache timing attack; the attack results strongly verify the correctness of the quantitative Cache information leakage theory and kev analvsis methods above.