Major infrastructure-as-a-cloud (IaaS) providers have recently been building marketplaces of “cloud apps,” which are VMs pre-installed with a variety of software stacks. Clients of cloud computing leverage such markets by downloading and instantiating the apps that best suit their computing needs, thereby saving the effort needed to configure and build VMs from scratch.We posit that the notion of cloud apps as defined by these marketplaces is nascent and does not allow apps to leverage the benefits of virtual machine (VM) introspection technology developed over the past decade. We envision a marketplace of apps that can interact with client VMs in a rich set of ways to provide a number of services that are currently supported only by cloud providers. This allows clients to deploy services such as VM introspection-based security tools and network middleboxes on their work VMs without requiring the cloud provider to deploy these services on their behalf.This paper presents models to support such a marketplace of expressive cloud apps. We present a study of the design space of these models to understand their performance and deployment tradeoffs. We also consider the design of a permissions-based framework to contain untrusted third-party cloud apps. Finally, we demonstrate the utility of our models by building and evaluating a number of security tools built as cloud apps.