In large-scale computing environments, multiple applications may be executing simultaneously for different users on various server computers, and multiple applications may share a single computer by each using a virtual machine that is distinct from other virtual machines on the computer. Such applications can also access resources or services from other server computers in the large-scale computer system. For example, a user may be running an application for managing various forms of content, and the application may need to access copies of the user's content that are stored and managed by a separate sub-system in the overall system.
In such situation, the services may require that the application program provide authentication credentials (e.g., a username and a password) in order to use the services. The authentication credentials may be accessible to the application program or the virtual machine in order to allow the application program or virtual machine to use the authentication credentials to access the services. In another example, a derivative of the authentication credentials that provides access to a limited scope of the services for an unlimited amount of time may be accessible to the application program or virtual machine. However, if the virtual machine is compromised by a malicious user, the malicious user may obtain the user credentials or the derivative of the user credentials, and thus may be able to access the services for an unlimited amount of time.