Abstract: With the rapid development of cloud computing technology, many enterprises will gradually delegate confidential data to the cloud storage service providers. The confidentiality of data becomes a crucial issue in cloud storage environments, and the ciphertext-based access control technology is an important approach to resolve this issue. However, among the current access control schemes based on the ciphertext, the high security requirements of the cloud data and the high frequence of policy update make excessive cost on updating permissions, and then seriously restrict the overall efficiency of the system. To solve this problem, we propose a cryptographic access control strategy for dynamic policy in cloud storage (CACDP), which presents a key management tree of binary Trie based on key derivation, enhancing the security of the key and reducing the number of keys maintained by data owner and user. Based on this, we use the proxy re-encryption mechanism based on ELGamal and double-encryption strategy to transfer partial mission of updating key and data to the cloud servers, in order to reduce the administrative burden of date owners. Finally, the experimental verification shows that the proposed solution significantly improves the processing efficiency and effectively lowers the performance overhead on policy update for data owners.