On the cloud system, guest domains for cloud customers can be attacked by one of administrators with privilege or remote hackers who can compromise management tools. Therefore, the customers need a guarantee that their domains run on the secure environment with a protection against them. In this paper, we examine the security issues incurred by I/O model of hypervisors with a management domain, and propose an isolated mini-domain to protect the guest domains under the untrustworthy environment by addressing those issues.