In the paradigm of infrastructure-as-a-service cloud computing involving an Internet of Things network, customers outsource their infrastructure to the cloud. An outsourced infrastructure is a virtual infrastructure that mimics the physical infrastructure of the pre-cloud era; it is therefore referred to as a tenant network (TN) in this paper. This practice draws upon the notion of TN abstraction, which specifies how TNs should be managed. However, current virtual software-defined network (SDN) technology uses an SDN hypervisor to realize TNs, and the cloud administrator is given far more privileges than necessary; thus, not only can the security principle of least privilege be violated, but TNs may also face the threat of a malicious or innocent-but-compromised administrator. Motivated by this problem, we propose a specification of the TN abstraction, including its functions and security requirements. We then present a platform-independent concretization of this abstraction called TNGuard, an SDN-based architecture that protects TNs while removing unnecessary privileges from the cloud administrator. To show that TNGuard concretizes the TN abstraction, we present an instantiation of TNGuard on the Xen virtualization platform with the Ryu controller. Experimental results show that the resulting system is practical, incurring a small performance overhead.