A NILE-to-VEREFOO Translator for Intent-Based Network Security Automation

Mikhael Russo

Supervisors: Riccardo Sisto, Fulvio Valenza, Daniele Bringhenti. Politecnico di Torino, Master's degree programme in Cybersecurity, 2025

License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

The rapid evolution of network infrastructures, driven by paradigms such as Software-Defined Networking (SDN), Network Function Virtualization (NFV), cloud computing, and the Internet of Things (IoT), has significantly increased the complexity of configuration and management tasks. In this context, Intent-Based Networking (IBN) introduces a paradigm shift: it allows operators to express high-level objectives (intents) without specifying their technical implementation. However, a key challenge remains the correct and verifiable translation of these intents into enforceable configurations, especially in the security domain. This thesis investigates this translation problem by focusing on the interoperability between NILE (Network Intent LanguagE), an intermediate and human-readable intent language, and VEREFOO, a framework developed at Politecnico di Torino for the automation and formal verification of network security policies. After a comparative analysis of the semantics, input, and output models of the two systems, a translation model is proposed to map NILE constructs into VEREFOO's XML-based representation. A prototype translator has been implemented to automate this process, enabling the conversion of NILE intents into valid VEREFOO input files. The tool has been validated through a series of case studies on different network topologies. The results confirm the feasibility of semantic translation as a bridge between intent-based specification and automated verification frameworks. This work represents a step toward the development of intent-driven network security systems that are more accessible, reliable, and less dependent on specialized expertise, paving the way for future research on AI-assisted intent interpretation and adaptive security automation.

Supervisors: Riccardo Sisto, Fulvio Valenza, Daniele Bringhenti
Academic year: 2025/26
Publication type: Electronic
Number of pages: 90
Subjects:
Degree programme: Master's degree programme in Cybersecurity
Degree class: New regulations > Master's degree > LM-32 - Computer Engineering
Collaborating companies: NOT SPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/38705