This user was surprised that he could do:
virt-cat aguest /etc/shadow
and read the shadow password file from a guest. “Is there”, I was asked, “a security model for this?”
Could you encrypt the virtual disk? That will protect the VM while it is (virtually) switched off, but as soon as you boot it up, the encryption key is stored somewhere in guest memory, and the host administrator can read that too.
No security model can help you here. You need to own and manage the hardware yourself, or you need to trust your cloud provider. If your data is at all personally or commercially sensitive, keep it on hardware you physically control.