This tutorial is about fault-tolerance and the methods by which this
  property can be certified: specified, verified, even guaranteed by
  construction. The scope of interest is distributed systems operating
  under limited resources and subject to constraints about the value
  and timing of interactions with their environment. The issues, often
  not addressed elsewhere, are: how to support construction of systems
  that can tolerate (provably) multiple faults and how to ensure that
  verification of fault-tolerance is fault-monotonic: having proved we
  can tolerate several faults we must tolerate, provably, any
  combination of them. This document provides the motivation, overview
  and contents of the tutorial.