A process issues a transaction to manipulate objects. The transaction is assigned with a purpose which is a subfamily of roles granted to the process. Suppose a transaction T1 writes an object o2 after reading an object o1 and then another transaction T2 reads the object o2 and writes an object o3. Here, data in the object o1 might flow into the object o3 via the object o2. Unless T2 is granted a read access right of the object o1, illegal information flow occur. In order to prevent the illegal information flow, T1 marks the object o2 with the purpose of T1. T2 cannot read o2 unless the purpose of T2 includes a read right of o1. In result, the throughput is degraded. Objects whose information may flow into an object o are source objects of o. If the source objects are written, a purpose mark on the object o is released. In addition, an object o might have some lifetime lambda when o's data has to be secure since the data is created. If it takes lambda time units since the object o is marked, the purpose mark is released. While there occur no illegal information flow in our purpose marking (PM) protocol, transactions which imply illegal information flow are aborted. We evaluate the PM protocol in terms of how many transactions are aborted.