Abstract: This study proposes a role-based access control (RBAC) model to prevent information leakage within object-oriented systems. It is named ERBAC (extended role-based access control) because it is an extension of RBAC96. If offers the following useful features: (a) adapting to dynamic object state change, (b) adapting to dynamic role change, (c) avoiding Trojan horses, (d) detailing access control granularity to variables, (e) allowing declassification, (f) allowing purpose-oriented method invocation, and (g) controlling write access precisely. We evaluated ERBAC through experiments. The evaluation result is also shown in this study.