Centralized Context-Aware Firewall configuration in Virtual Network

Modern virtualized networks require dynamic and automated security configurations to avoid vulnerabilities caused by manual setups. This project presents a system that generates and configures firewall rules automatically based on high-level Network Security Requirements (NSRs) specified by administrators. Initially, the administrator uploads a Security Graph (SG), which contains a list of Access Points (APs) representing logical network nodes. Next, the administrator defines NSRs by specifying the source AP, destination AP, and action (ALLOW or DENY) to control network traffic behavior. The system processes these NSRs to compute the optimal placement of firewall instances, generate a minimal and anomaly-free set of firewall rules, and enforce the required security policies with default behaviors like whitelisting or blacklisting. This approach formally guarantees the correctness of the solution, i.e., that all security requirements are satisfied, and it minimizes the number of needed firewalls and firewall rules. This methodology is extensively evaluated using different metrics and tests on both synthetic and real use cases, and compared to the state-of-the-art solutions, showing its superiority.