Virtualization is not a security implementation. I've been saying this for years and I'll continue to keep my tinfoil hat on.<p>As Theo DeRaadt said<p><pre><code> You are absolutely deluded, if not stupid, if you think that
a worldwide collection of software engineers who can't write
operating systems or applications without security holes,
can then turn around and suddenly write virtualization
layers without security holes.
</code></pre>
I caught someone in a meeting last week trying to sell another employee on the security benefits of virtualization and I nearly bit my tongue off.
The paper only talks about T-table AES implementation,
but it should probably mention at countermeasures this paper "Faster and timing-attack resistant AES-GCM" by Emilia Käsper and Peter Schwabe at CHES 2009, which I found when looking at 'No data-dependent array indices' feature of NaCl:
<a href="http://nacl.cr.yp.to/features.html" rel="nofollow">http://nacl.cr.yp.to/features.html</a>