Asphalion: Trustworthy Shielding Against Byzantine Faults

Asphalion is a Coq-based framework for verifying the correctness of
implementations of fault-tolerant systems. It especially provides
features to verify the correctness of hybrid fault-tolerant systems
(such as the MinBFT protocol
http://www.di.fc.ul.pt/~bessani/publications/tc11-minimal.pdf), where
normal components (that can for example fail arbitrarily) trust some
special components (that can for example only crash on failure) to
provide properties in a trustworthy manner.  Asphalion allows running
such trusted-trustworthy components inside Intel SGX enclaves.
More details are provided here:
https://vrahli.github.io/articles/asphalion-long.pdf