You are forgetting system layering.
EG and SAS ride on top of an OS and underlying systems.
EG is running on a workstation, only.
EG uses SAS's Integration Technologies (IT) to start and connect to a remote SAS session.
BUT, that remote thing is on a remote box, a separate piece of hardware from the workstation, with a different OS between the box and SAS. Part of IT services is connecting to the OS on the box, not just SAS. That is the authentication method that you specified for EG, but, if the OS/box has a timeout feature to it, it is outside the control of SAS, and since it is between SAS and the box, it can override anything SAS may want to do.
All processing on a box is controlled by the OS kernel's scheduler. All modern OS's are pre-emptive, which means that the OS can take control of the processor away from a user process (the scheduler can take control away from most any other process), whenever it wants to. The scheduler's all have prioritization schemes, all of which mean that some higher priority processes get to run on the processor before others with lower priority. The security features will run at a higher priority and can check on stuff and terminate/kill things in-spite of what those things may think they can do.
This layering is generally refered to as "layer" or "ring".
Some of these layers/rings are hardwired into processors for security/control reasons.
The lowest layer used to be layer 1 where the kernel lives.
Now the lowest layer is "ring 0" where a "hypervisor" lives to control virtual machines/servers. A guest OS then is rooted in ring 1, with User/application programs running in rings 3 or 4 or some such. Interrupt handlers live either in ring 1 or ring 2. Device drivers usually are in layer 2 or 3. Other OS services may run in layers 2, 3, or 4, depending on criticality. After that, there are the priority schemes of the scheduler itself. Again, interrupt handlers, besides running in a lower ring, also generally have a "higher" priority. So that they can get their work done, reading from disk, interacting with the network adapter, etc.
While EG and SAS may be talking to each other, that communication is contained within layers of networking protocols:
1) the physical electronics and physics of transmitting/receiving the data from one device to another (switch port to NIC port on the server).
2) the data link layer that controls the meaning/grouping of the ordered 1's and 0's decoded by the electronics into bytes of data.
3) the network/IP layer that manages the sending and receiving of packets of data from one box to another (why there is an ip address).
4) The session layer (TCP/UDP) that packetizes the data and controls the quality of service of the communications (ordering, connectedness, successful reception, etc.)
The OSI model has 7 layers, I remember the presentation and application layers, but forget one of the layers to make all 7.
The TCP/IP stack is contained within the OS and there maybe/are security attachments/hooks that are controlled within the OS below SAS. A local software firewall is such a hook/attachment that has priority/control over any application's (SAS's) communications. Even a hardware firewall can sit between the workstation and the server, and interfere with SAS's functioning, outside of SAS's control/configuratino.