This model was presented at the 17th National Computer Security Conference in Baltimore, USA, in 1994 by its developer Simone Fischer-Huebner. It follows the rules of the Federal German Privacy Law and the EU directive on privacy.
The model and its implementation in RSBAC are described in detail in our paper for the "NISS 98 Conference".
The model's focus is privacy. Confidentiality, integrity and availability are maintained for personal data and transaction procedures by the definition of necessary accesses.
System control data such as general settings or authentication information can only be protected by declaring them as personal data. If this is not possible for some data, they cannot be protected.
This model should be used for storage and processing of personal data. To protect system data without the administration overhead of treating them as personal data, another model, e.g. FC, SIM, RC or ACL, should be used.
Use the PM model if you want to process personal data and need adequate protection.