JISE




Journal of Information Science and Engineering, Vol. 22 No. 1, pp. 147-161


MRBAC/AR: an Information Flow Control Model to Prevent Both Intra- and Inter-Application Information Leakage


Shih-Chien Chou
Department of Computer Science and Information Engineering 
National Dong Hwa University 
Hualien, 974 Taiwan 
E-mail: scchou@mail.ndhu.edu.tw


    Preventing information leakage during program execution is essential for modern applications. This paper proposes a model to prevent information leakage for object-oriented systems, which is based on role-based access control (RBAC). It is named MRBAC/AR (modified RBAC for both intrA- and inteR-application information flow control) because it is a modification of RBAC96. It offers the following features: (a) adapting to dynamic object state change, (b) adapting to dynamic role change, (c) avoiding Trojan horses, (d) detailing access control granularity to variables, (e) controlling method invocation through argument sensitivity, (f) allowing declassification, (g) allowing purpose-oriented method invocation, (h) precisely controlling write access, and (i) preventing both intra- and inter-application information leakage. We evaluated MRBAC/AR through experiments. The evaluation result is also shown in this paper.


Keywords: information security, access control, information flow control, prevent information leakage, indirect information leakage
