Abstract: Cloud computing provides an emerging data interactive paradigm, and realizes users’ data remote storage, sharing and computing. Due to the system complexity, network openness, resource concentration, and data sensitivity, the process of the user accessing the cloud server is suffering from severe security threats, which make that the cloud data protection becomes an important issue. This work first introduces the system components, trust model, and attack model, and proposes a ciphertext-policy attribute based encryption (CP-ABE) based data access control protocol to achieve data protection. The proposed protocol applies the semi-group property of Chebyshev chaotic map for authentication, and adopts lightweight CP-ABE scheme for authorization. Meanwhile, the security mechanisms including authentication, access control, and forward security are applied to achieve user identification and data access control. According to the storage requirement analysis, the protocol owns fixed storage requirements in the attribute set and key, avoiding the linear growth of massive data interaction. It turns out that the protocol is secure, reliable and flexible for the large-scale data interactions in the cloud environments.