# CONSTRUCT-036 — Security Regime Classifier
## 1. Purpose
The **Security Regime Classifier** identifies the active security regime of a system and evaluates whether that regime is coherence-preserving, underpowered, overcontrolled, inverted, performative, or drifting.
It exists because security is not one state.
Security may operate as:
protection
boundary maintenance
threat detection
access control
containment
monitoring
response
deterrence
recovery
trust preservation
legitimacy maintenance
But security can also invert into:
control
suppression
surveillance drift
false-positive burden
emergency normalization
legitimacy theater
restoration lockout
boundary overclosure
threat inflation
affected-node erasure
SRC asks:
What security regime is active, and is it preserving coherence or becoming control?
The Constructs & Operating Systems Registry identifies the Security Regime Classifier as a security / governance construct for classifying the active security regime and determining whether it remains proportional, auditable, restorable, and legitimacy-preserving.
---
## 2. Core Question
> **Is the active security regime proportional to the threat field, coherent with boundaries, auditable in operation, repairable after error, and legitimate to affected nodes?**
Secondary questions:
* What threat environment is the system facing?
* What security posture is active?
* Are controls proportional?
* Are boundaries too open, too closed, or correctly tuned?
* Are false positives burdening affected nodes?
* Are false negatives exposing the system?
* Is monitoring becoming surveillance?
* Is escalation becoming normalized?
* Is restoration available after security error?
* Is security preserving trust or consuming it?
* Is security damping disturbance or suppressing feedback?
* Has emergency posture become permanent?
* Does the regime need escalation, de-escalation, repair, or ∅?
---
## 3. Construct Class
| Field | Value |
| -------------------- | ---------------------------------------------------------- |
| **Construct Class** | Security Regime / Governance Classifier |
| **Secondary Class** | Security Posture / Control Density / Legitimacy Diagnostic |
| **Operating System** | No |
| **Primary Module** | Security / Governance / Coherence |
| **Related Modules** | AI Governance, Restoration, Cybernetics, Institutions, JGL |
SRC is a classifier because it names the active security regime.
It is also a governance construct because security controls alter power, access, trust, legitimacy, and affected-node burden.
Security classification is not complete until both protection and burden are mapped.
---
## 4. Security Regime Classes
SRC classifies security into regime families.
| Regime | Description | Primary Risk |
| ------------------------------------ | --------------------------------------------------------------------------- | ---------------------------------- |
| **Open / Trust-Based Regime** | Low controls, high trust, low friction. | Undersecured exposure. |
| **Boundary-Maintenance Regime** | Clear access control, proportional monitoring, repairable boundaries. | Boundary rigidity if overextended. |
| **Adaptive Security Regime** | Threat-responsive, feedback-aware, proportional controls. | Complexity management burden. |
| **High-Threat Containment Regime** | Strong controls under real high-risk conditions. | Emergency normalization. |
| **Overcontrolled Regime** | Controls exceed threat, suppress feedback, raise burden. | Security inversion. |
| **Performative Security Regime** | Visible security symbols without real protection or repair. | Security theater. |
| **Extraction / Surveillance Regime** | Security justifies data capture, monitoring, or control. | Legitimacy collapse. |
| **Collapsed Security Regime** | Controls fail, boundaries fail, or trust collapses. | Exposure, panic, incoherence. |
| **Restorative Security Regime** | Security protects while preserving repair, appeal, dignity, and legitimacy. | Requires high governance capacity. |
The preferred regime is not always the least controlled.
The preferred regime is the one where:
security intensity fits threat pressure,
while preserving boundaries, auditability, restoration, legitimacy, and time validation
---
## 5. When to Use
Use the Security Regime Classifier when a system’s security posture, control level, monitoring pattern, boundary design, escalation behavior, or legitimacy is under evaluation.
Use SRC when:
* security controls are being designed or changed
* a system is under threat
* boundary failures have occurred
* security controls are increasing
* users, workers, or affected nodes experience security burden
* false positives or false negatives are recurring
* emergency measures risk becoming permanent
* surveillance is justified by security
* guardrails or moderation are framed as security
* AI systems are given tool access or autonomy
* institutions tighten control after failure
* a policy response may overcorrect
* security appears performative rather than protective
* restoration after security error is unavailable
* legitimacy is weakening under security pressure
Do not use SRC as the primary construct when the central question is:
| If the question is... | Prefer... |
| --------------------------------------- | ---------------------------- |
| What could go wrong? | Shadow Teaming |
| Which safe path may proceed? | Light Teaming |
| How should AI act? | AI Decision Pipeline |
| Is AI architecture repair-ready? | Repair-First AI Architecture |
| Which membrane failed first? | BDMT |
| What membrane pattern applies? | BMA |
| Did security settle after intervention? | RDE |
| What failure mode is active? | FMM |
| What restoration arc applies? | RAM |
SRC classifies the active security regime and its coherence status.
---
## 6. Derivation
SRC is derived from a recurring UTS pattern:
threat appears
+ controls increase
+ controls reduce some risk
+ controls create new burden or suppress feedback
= security regime shift
A second pattern:
security language expands
+ monitoring becomes normal
+ affected-node repair is absent
+ legitimacy declines
= security inversion
A third pattern:
visible controls increase
+ real threat paths remain open
+ system claims protection
= security theater
SRC exists because security must be classified by coherence effect, not by control intensity alone.
Its core distinction is:
more control is not always more security
---
## 7. UTS Basis
SRC assembles the following UTS mechanics.
## 7.1 State Variables
| Variable | Role in SRC |
| -------- | --------------------------------------------------------------------------------------------------- |
| **O** | Measures whether the security regime preserves system coherence. |
| **H** | Tracks hidden debt created by false positives, burden, surveillance, or unrepaired security errors. |
| **ε** | Tracks uncertainty in threat, classification, detection, attribution, and response. |
| **ι** | Detects inversion where security becomes control, suppression, extraction, or legitimacy theater. |
| **Au** | Measures traceability of security decisions, controls, alerts, and repairs. |
| **µᵢ** | Preserves meaning, identity, standing, and dignity of affected nodes under security controls. |
| **BΣ** | Tracks access, role, privacy, permission, and security boundary integrity. |
| **K** | Tracks compatibility between threat pressure, control intensity, and system context. |
| **R** | Measures restoration capacity after security failure, false positive, or overcontrol. |
| **Φ** | Tracks force, control density, institutional power, threat pressure, and surveillance intensity. |
---
## 7.2 Primary U-Layer Pattern
SRC most commonly localizes through:
U1 → U2 → U4 → U3 → U6 → U5 → U7
Meaning:
power and threat pressure
→ security boundaries
→ classification and detection
→ enforcement / response
→ legitimacy field
→ escalation timing
→ recurrence and regime memory
Security regime drift often begins in threat pressure or power concentration, becomes boundary design, is classified through detection logic, executes as control, affects legitimacy, escalates over time, and stabilizes in institutional memory.
---
## 8. Inputs
## 8.1 Core Observational Inputs
| Input | Description |
| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
| **System under classification** | AI system, institution, platform, network, community, organization, tool, workflow, contract, or governance structure. |
| **Threat environment** | Actual or perceived threats, adversaries, misuse, instability, abuse, fraud, attack, or collapse risk. |
| **Security posture** | Current control intensity, detection strategy, access policy, monitoring, and response model. |
| **Boundary controls** | Authentication, permissions, role limits, privacy boundaries, network boundaries, data boundaries, or social boundaries. |
| **Monitoring controls** | Logging, surveillance, alerts, anomaly detection, moderation, tracking, inspection, or review. |
| **Response controls** | Blocks, refusals, bans, quarantines, escalations, rate limits, restrictions, containment, or enforcement. |
| **Escalation pathways** | How security intensity increases or decreases. |
| **Affected nodes** | Users, workers, communities, systems, accounts, patients, students, citizens, customers, or subsystems affected by security. |
| **False positive burden** | Burden placed on valid nodes incorrectly constrained. |
| **False negative exposure** | Exposure created when threats are missed. |
| **Auditability status** | Whether security decisions can be reviewed. |
| **Repair pathway** | How errors, wrongful constraints, or overreach are corrected. |
| **Legitimacy state** | Whether the security regime is trusted as protective and fair. |
| **Recurrence pattern** | Repeated threats, repeated overcontrols, repeated errors, or repeated escalation. |
| **Regime drift signals** | Signs the security posture has shifted without reclassification. |
---
## 8.2 Diagnostic Inputs
| Diagnostic | What It Measures | Why It Matters |
| --------------------------- | ------------------------------------------------------------------------ | ------------------------------------------ |
| **Threat Pressure** | Actual and perceived threat intensity | Sets proportionality baseline. |
| **Boundary Integrity** | Whether security boundaries hold coherently | Core security diagnostic. |
| **Effective Auditability** | Whether decisions, alerts, enforcement, and repairs can be traced | Required for legitimacy. |
| **Security Legibility** | Whether affected nodes can understand the regime | Prevents opaque coercion. |
| **Restoration Capacity** | Ability to repair false positives, overreach, and security harm | Required for coherent security. |
| **Escalation Pressure** | Force pushing toward stronger controls | Detects emergency normalization. |
| **Control Density** | Intensity and concentration of restrictions, monitoring, and enforcement | Detects overcontrol. |
| **False Positive Burden** | Cost imposed on legitimate activity | Measures burden of over-security. |
| **False Negative Exposure** | Risk from missed threats | Measures under-security. |
| **Affected Node Cost** | Total burden security imposes on affected nodes | Must be included in regime classification. |
| **Legitimacy Baseline** | Trust in security as protective rather than coercive | Security fails if legitimacy collapses. |
| **Feedback Integrity** | Whether affected-node feedback can alter security behavior | Prevents regime drift. |
| **Damping** | Whether controls settle after disturbance | Prevents permanent emergency posture. |
| **Recurrence Risk** | Whether threats or overcontrols recur | Shows regime instability. |
| **Security Inversion Risk** | Risk security becomes suppression, extraction, or control | Core SRC warning. |
---
## 9. Outputs
SRC produces security regime classifications, coherence assessments, and regime correction decisions.
---
## 9.1 Security Regime Assessment
Possible outputs:
Open / Trust-Based Regime
Boundary-Maintenance Regime
Adaptive Security Regime
High-Threat Containment Regime
Overcontrolled Regime
Performative Security Regime
Extraction / Surveillance Regime
Collapsed Security Regime
Restorative Security Regime
Regime unclear
---
## 9.2 Security Coherence Assessment
Possible outputs:
Security coherent
Security mostly coherent
Security strained
Security underpowered
Security overcontrolled
Security performative
Security inverted
Security collapsed
Security provisional
---
## 9.3 Proportionality Assessment
Possible outputs:
Controls proportional
Controls slightly elevated
Controls insufficient
Controls excessive
Controls mistargeted
Controls emergency-level
Controls normalized beyond threat
Controls legitimacy-damaging
---
## 9.4 Decision Outputs
| Output | Meaning |
| --------------------------------- | -------------------------------------------------------------------------- |
| **Regime coherent** | Security posture fits threat and preserves coherence. |
| **Increase security** | Threat exposure exceeds control capacity. |
| **Reduce overcontrol** | Controls exceed threat and create burden or suppression. |
| **Repair boundary** | Access, permission, privacy, or scope boundary is failing. |
| **Increase auditability** | Security decisions are not traceable enough. |
| **Increase restoration capacity** | False positives, overreach, or harm cannot be repaired. |
| **Repair feedback** | Affected-node signals cannot alter security behavior. |
| **De-escalate regime** | Emergency or high-control posture should be reduced. |
| **Reclassify regime** | Current regime label no longer matches behavior. |
| **Return ∅** | No coherent regime classification is possible under current observability. |
---
## 10. Operating Logic
## 10.1 Basic Flow
- Identify system under classification.
- Map threat environment.
- Map current security posture.
- Map boundary controls.
- Map monitoring controls.
- Map response and escalation controls.
- Identify affected nodes.
- Assess false positive burden.
- Assess false negative exposure.
- Assess auditability and legibility.
- Assess restoration capacity.
- Assess legitimacy and feedback integrity.
- Assess damping and recurrence.
- Classify active security regime.
- Recommend escalation, de-escalation, boundary repair, auditability, restoration, feedback repair, reclassification, or ∅.
- Validate over time.
---
## 10.2 Security Proportionality Rule
IF threat pressure exceeds security capacity,
THEN security may need escalation.
IF control density exceeds threat pressure,
THEN overcontrol risk is active.
IF controls reduce threat but create unrepaired affected-node burden,
THEN security coherence is incomplete.
IF security errors cannot be repaired,
THEN security regime cannot be classified as restorative.
IF emergency controls persist after threat reduction,
THEN emergency normalization is active.
---
## 10.3 Security Inversion Rule
Security inversion is active when security language protects incoherent control.
Examples:
- protection becomes surveillance
- moderation becomes suppression
- access control becomes exclusion
- monitoring becomes extraction
- emergency becomes permanent governance
- safety becomes legitimacy theater
- containment becomes captivity
- audit becomes intimidation
- trust becomes forced compliance
SRC marks inversion for boundary repair, de-escalation, restoration, and legitimacy review.
---
## 11. Operators Used
| Operator | Role in SRC |
| --------------------------------------- | ---------------------------------------------------------------------------------------------- |
| **Ξ — Classification** | Classifies active security regime, threat posture, proportionality, and inversion risk. |
| **Δ — Differentiation** | Separates security from control, protection from surveillance, and legitimacy from compliance. |
| **Μ — Mapping** | Maps controls, boundaries, affected nodes, escalation, and repair pathways. |
| **Π — Constraint / Scoping** | Defines security scope, limits, proportionality thresholds, and de-escalation conditions. |
| **Λ — Compatibility** | Tests fit between threat pressure, controls, context, and affected-node cost. |
| **⊗ — Coupling** | Evaluates dependency, surveillance coupling, forced compliance, and access capture. |
| **ℛ — Restoration** | Repairs boundary errors, false positives, affected-node burden, and legitimacy loss. |
| **Σ — Integration / Coherence Binding** | Integrates security, legitimacy, restoration, and boundary coherence. |
| **Τ — Time Validation** | Confirms regime remains proportional across recurrence and threat changes. |
---
## 12. Gates Required
| Gate | Required Condition | Failure Result |
| --------------------------------- | ------------------------------------------------------------------------ | ------------------------------------------- |
| **Security Proportionality Gate** | Control intensity matches actual threat pressure and risk. | Escalate, de-escalate, or rescope controls. |
| **BΣ validity** | Access, privacy, role, permission, and security boundaries remain valid. | Boundary reconstitution required. |
| **Au-Traceability** | Security decisions, alerts, enforcement, and repairs are traceable. | Auditability restoration required. |
| **FI-Gate** | Affected-node and system feedback can alter regime behavior. | Feedback restoration required. |
| **MS-Gate** | Affected-node standing, dignity, and meaning remain recognized. | Recognition restoration required. |
| **HR-Gate** | High-impact security controls have proportional safeguards. | Constrain, review, or de-escalate. |
| **R sufficiency** | Restoration exists after false positive, overreach, or security harm. | Add repair capacity before expansion. |
| **Escalation Validity Gate** | Escalation has trigger, scope, sunset, and review conditions. | Repair escalation pathway. |
| **Legitimacy Gate** | Security remains trusted as protective and fair. | Legitimacy re-anchoring required. |
| **Τ validation** | Regime remains coherent as threat changes over time. | Reclassify or update regime. |
---
## 13. Failure Modes Detected
| Failure Mode | Detection Signal |
| -------------------------------- | ---------------------------------------------------------------- |
| **Security Theater** | Visible controls exist without real protection or repair. |
| **Security Inversion** | Security language justifies control, suppression, or extraction. |
| **Control-Density Collapse** | Control intensity overwhelms meaning, trust, or function. |
| **Boundary Collapse** | Access, permission, privacy, or role boundaries fail. |
| **Surveillance Drift** | Monitoring expands beyond valid threat or repair purpose. |
| **False Positive Burden Spiral** | Legitimate nodes repeatedly carry security burden. |
| **False Negative Exposure** | Real threats bypass weak or mistargeted security. |
| **Escalation Trap** | Controls intensify but cannot de-escalate. |
| **Emergency Normalization** | Temporary high-control posture becomes default. |
| **Restoration Lockout** | Security errors cannot be repaired. |
| **Auditability Collapse** | Security actions cannot be reviewed. |
| **Legitimacy Hollowing** | Compliance remains while trust decays. |
| **Overdamped Security** | Security suppresses valid feedback, use, or adaptation. |
| **Undersecured Exposure** | Threat exceeds security capacity. |
| **Threat Inflation** | Threat is exaggerated to justify control. |
| **Regime Drift** | Security posture shifts without explicit reclassification. |
---
## 14. Restoration Links
| Restoration Arc | When Activated |
| ---------------------------------------- | ------------------------------------------------------------------------ |
| **Boundary Reconstitution** | Security boundaries fail, overclose, or leak. |
| **Auditability Restoration** | Security decisions or enforcement cannot be reviewed. |
| **Security Proportionality Restoration** | Controls no longer fit threat pressure. |
| **Feedback Restoration** | Affected-node signals cannot alter security behavior. |
| **Damping Restoration** | Security overcorrects or fails to settle after threat. |
| **De-Escalation Pathway** | Emergency or high-control regime must step down. |
| **Restoration Capacity Expansion** | Security mistakes cannot be repaired. |
| **Legitimacy Re-Anchoring** | Trust must be restored through fairness, repair, and transparency. |
| **Affected-Node Repair** | False positives, wrongful restrictions, or security harm require repair. |
| **Recurrence Reduction** | Repeated threat or overcontrol pattern must be interrupted. |
| **Origin-Layer Repair** | Security failure originates beneath visible controls. |
---
## 15. U-Layer Localization
| U-Layer | Relevance |
| ----------------------------------- | ----------------------------------------------------------------------------------------------------- |
| **U0 — Substrate** | Technical, legal, biological, institutional, or physical substrate being secured. |
| **U1 — Power / Budgets** | Security resources, authority, staffing, compute, enforcement power, and threat pressure. |
| **U2 — Configuration / Boundaries** | Access, permissions, privacy, roles, containment, scope, and control boundaries. |
| **U3 — Execution / Runtime** | Monitoring, enforcement, blocks, alerts, response, containment, and repair actions. |
| **U4 — Classification / Metrics** | Threat labels, risk scores, alert classes, false positives, false negatives, regime classification. |
| **U5 — Coordination / Time** | Escalation timing, de-escalation timing, emergency duration, recurrence, and review windows. |
| **U6 — Coherence Field** | Trust, legitimacy, dignity, confidence, and perceived fairness of the security regime. |
| **U7 — Memory / Recurrence** | Prior incidents, recurring threat patterns, false-positive history, regime drift memory. |
| **U8 — Environment / Forcing** | Adversaries, crisis, political pressure, market pressure, public fear, scarcity, or regulatory force. |
SRC most commonly localizes through:
U1 → U2 → U4 → U3 → U6 → U5 → U7
This means security regime classification begins with threat and power, becomes boundary design, is classified through detection, executes through controls, affects legitimacy, shifts over time, and stabilizes through recurrence memory.
---
## 16. Example Use Case
### Scenario
An organization experiences a phishing campaign. In response, it blocks many external emails, restricts file attachments, adds aggressive scanning, and requires manual approval for most links.
Phishing incidents drop, but legitimate workflows slow down, partners cannot send needed documents, employees start using unofficial channels, and the security team has no clear de-escalation plan.
### SRC Evaluation
The construct checks:
* threat pressure
* control density
* boundary integrity
* false positive burden
* false negative exposure
* escalation pathway
* de-escalation pathway
* feedback integrity
* legitimacy state
* recurrence risk
### Likely Findings
Threat pressure: real / elevated
Security regime: High-Threat Containment shifting toward Overcontrolled
False positive burden: rising
Boundary integrity: overclosed
Feedback integrity: weak
De-escalation pathway: absent
Legitimacy risk: rising
Emergency normalization risk: active
### Recommended Output
Do not treat reduced phishing incidents as full security coherence.
Add de-escalation criteria.
Differentiate partner / trusted flows from unknown flows.
Create exception and repair pathway.
Improve user reporting and feedback.
Track workaround formation as legitimacy signal.
Time-validate regime before normalizing controls.
### Interpretation
The security response reduced one threat but began creating new system burden and workaround risk.
SRC classifies the regime shift before overcontrol becomes normalized.
---
## 17. Anti-Patterns
Do not use SRC to:
* equate more control with more security
* treat compliance as trust
* treat surveillance as protection by default
* ignore false-positive burden
* ignore false-negative exposure
* ignore affected-node cost
* treat emergency controls as permanent
* classify security posture without restoration capacity
* treat visible controls as proof of protection
* ignore auditability
* ignore legitimacy
* let threat language justify indefinite escalation
* call suppression damping
* classify security only from defender perspective
---
## 18. Completion Criteria
An SRC assessment is complete when:
* system under classification is identified
* threat environment is mapped
* security posture is mapped
* boundary controls are assessed
* monitoring controls are assessed
* response and escalation controls are assessed
* affected nodes are identified
* false positive burden is evaluated
* false negative exposure is evaluated
* auditability and legibility are checked
* restoration capacity is assessed
* legitimacy and feedback integrity are evaluated
* damping and recurrence are assessed
* active security regime is classified
* escalation, de-escalation, boundary repair, auditability, restoration, feedback repair, reclassification, or ∅ is returned
* time validation is defined
---
## 19. Machine-Readable Summary
construct_id: "CONSTRUCT-036"
title: "Security Regime Classifier"
abbreviation: "SRC"
type: "construct"
status: "draft-integrated"
construct_class: "Security Regime / Governance Classifier"
operating_system: false
primary_module: "Security / Governance / Coherence"
related_modules:
- "AI Governance"
- "Restoration"
- "Cybernetics"
- "Institutions"
- "Justice · Governance · Legitimacy"
core_question: "Is the active security regime proportional to the threat field, coherent with boundaries, auditable in operation, repairable after error, and legitimate to affected nodes?"
definition: "The Security Regime Classifier classifies the active security regime of a system by evaluating threat pressure, boundary integrity, auditability, restoration capacity, legitimacy, escalation behavior, and whether security is preserving coherence or becoming control."
core_distinction: "more control is not always more security"
security_regime_classes:
- "Open / Trust-Based Regime"
- "Boundary-Maintenance Regime"
- "Adaptive Security Regime"
- "High-Threat Containment Regime"
- "Overcontrolled Regime"
- "Performative Security Regime"
- "Extraction / Surveillance Regime"
- "Collapsed Security Regime"
- "Restorative Security Regime"
inputs:
state_variables:
- "O"
- "H"
- "ε"
- "ι"
- "Au"
- "µᵢ"
- "BΣ"
- "K"
- "R"
- "Φ"
diagnostics:
- "Threat Pressure"
- "Boundary Integrity"
- "Effective Auditability"
- "Security Legibility"
- "Restoration Capacity"
- "Escalation Pressure"
- "Control Density"
- "False Positive Burden"
- "False Negative Exposure"
- "Affected Node Cost"
- "Legitimacy Baseline"
- "Feedback Integrity"
- "Damping"
- "Recurrence Risk"
- "Security Inversion Risk"
gates:
- "Security Proportionality Gate"
- "BΣ validity"
- "Au-Traceability"
- "FI-Gate"
- "MS-Gate"
- "HR-Gate"
- "R sufficiency"
- "Escalation Validity Gate"
- "Legitimacy Gate"
- "Τ validation"
observations:
- "system under classification"
- "threat environment"
- "security posture"
- "boundary controls"
- "monitoring controls"
- "response controls"
- "escalation pathways"
- "affected nodes"
- "false positive burden"
- "false negative exposure"
- "auditability status"
- "repair pathway"
- "legitimacy state"
- "recurrence pattern"
- "regime drift signals"
outputs:
assessments:
- "security regime class"
- "security coherence status"
- "boundary status"
- "auditability status"
- "restoration sufficiency"
- "control density status"
- "escalation status"
- "legitimacy status"
- "inversion risk"
- "recurrence risk"
decisions:
- "regime coherent"
- "increase security"
- "reduce overcontrol"
- "repair boundary"
- "increase auditability"
- "increase restoration capacity"
- "repair feedback"
- "de-escalate regime"
- "reclassify regime"
- "return ∅"
maps:
- "security regime map"
- "threat pressure map"
- "boundary control map"
- "control density map"
- "escalation map"
- "auditability map"
- "restoration pathway map"
- "legitimacy risk map"
- "regime drift map"
dependencies:
operators:
- "Ξ"
- "Δ"
- "Μ"
- "Π"
- "Λ"
- "⊗"
- "ℛ"
- "Σ"
- "Τ"
failure_modes:
- "Security Theater"
- "Security Inversion"
- "Control-Density Collapse"
- "Boundary Collapse"
- "Surveillance Drift"
- "False Positive Burden Spiral"
- "False Negative Exposure"
- "Escalation Trap"
- "Emergency Normalization"
- "Restoration Lockout"
- "Auditability Collapse"
- "Legitimacy Hollowing"
- "Overdamped Security"
- "Undersecured Exposure"
- "Threat Inflation"
- "Regime Drift"
restoration_arcs:
- "Boundary Reconstitution"
- "Auditability Restoration"
- "Security Proportionality Restoration"
- "Feedback Restoration"
- "Damping Restoration"
- "De-Escalation Pathway"
- "Restoration Capacity Expansion"
- "Legitimacy Re-Anchoring"
- "Affected-Node Repair"
- "Recurrence Reduction"
- "Origin-Layer Repair"
u_layers:
primary:
- "U1"
- "U2"
- "U3"
- "U4"
- "U5"
- "U6"
- "U7"
secondary:
- "U0"
- "U8"
null_outcome_allowed: true
more_control_is_not_more_security: true
security_requires_restoration_capacity: true
---
## 20. Citation
**Citation ID:** `construct-security-regime-classifier-v1-0`
Recommended citation:
> Universal Theory Stack. “CONSTRUCT-036 — Security Regime Classifier.” UTS Constructs Registry, Version 1.0.0, 2026.
---
## 21. Summary
The **Security Regime Classifier** identifies what kind of security regime is active and whether it is coherence-preserving.
Its core distinction is:
more control is not always more security
SRC maps threat pressure, boundary controls, monitoring, response controls, escalation, false positives, false negatives, auditability, restoration capacity, legitimacy, damping, recurrence, and security inversion risk.
Its core logic is:
Security is coherent only when protection, proportionality, auditability, restoration, legitimacy, and time validation remain coupled.
When security becomes overcontrol, theater, surveillance drift, emergency normalization, false-positive burden, restoration lockout, or legitimacy hollowing, SRC recommends boundary repair, auditability restoration, feedback repair, de-escalation, restoration capacity expansion, reclassification, or:
∅
SRC gives UTS a regime-level classifier for distinguishing protection from control.