Use one NIC to create multiple interfaces for Linux KVM

I am working on a thesis research project, and I am having some difficulty figuring out how to make one NIC spawn several "bridge" interfaces such that each KVM VM can be seen on the local network. I am very new to KVM, and am still exploring what it can do. Below is the scenario that I am attempting to make (on a CentOS/RHEL 6 system):

1. Linux KVM Host has 1 NIC (eth0) connected to a switch.
2. Create multiple "bridge" or equivalent interfaces that are spawned off of eth0 that would provide a unique IP for each VM. This is so that each VM can communicate with other hosts on the network, and that other hosts on the network can communicate with the VM.
3. IMPORTANT: I would like iptables on the KVM host to be able to manipulate/control/restrict the traffic that would be sent on those "bridge" interfaces.
4. I would like to create a minimum of three VM's, each using their own unique "bridge" interfaces.

I have previously made a br0 interface off of eth0, but unfortunately, I am unable to add any more to it. It appears that you can only bridge 1 interface to the NIC. I would like to bridge many to one.

Would a tap device be able to do this? If so, how would it be set up?

Effectively, I am attempting to replicate what can easily be created with VirtualBox on Windows, where each VM is given a "bridged" interface, and can live on the network. I want to achieve this very same thing with Linux KVM.

Thank You

EDIT: To be more descriptive, I want to achieve something that looks like this:

This can be found on this page: http://en.gentoo-wiki.com/wiki/KVM#Networking_2

              HOST
        +---------------+
        |               |      KVM GUEST1
        |               |   +--------------+
        |  +------+     |   |              |
 LAN ---+--- eth0 |  +--+---+---- nic0     |      KVM GUEST2
        |  | tap0----+  |   |192.168.1.13  |   +--------------+
        |  | tap1----+  |   +--------------+   |              |
        |  +------+  |  |                      |              |
        |     br0    +--+----------------------+---- nic0     |
        |192.168.1.12   |                      |192.168.1.14  |
        +---------------+                      +--------------+

I am looking at this from the context of VirtualBox, where each VM is set to "bridged". So, basically, you only need one bridge, and each VM gets a unique IP from that?

the bridge bridges the virtual NICs to the physical one, so the VMs end up on the same physical network as eth0 of the host. To assign IPs you need a DHCP server on this network. This is exactly how vbox's and every other "bridged" network works, the difference being, vbox sets up the bridge for you

Would this allow me to utilize iptables on the host to perform individualized restrictions for each VM that is connected to the bridge? I don't want to restrict every VM all at once, just specific ones.

You can play with IP or MAC rules but pushing all the bridge traffic through iptables will harm performance. It is usually better to set up firewalls inside the VMs as you see fit

The research I am attempting to perform is to more or less "jail" the VM's, such that if they violate a pre-defined policy, the host can restrict their network access on the fly.

I am actually in the process of researching about tap devices, since I don't know anything about them. If you can add how to do that to your original answer, I will mark it as the answer.

Please see the edited change to the original question. Thank You.