Although cloud computing is an emerging computing service model, its unique features raise the issue of security, particularly with regard to the confidentiality of data. Moreover, the devices used with this approach often have relatively low computing power. This study integrates the concepts of both context and attributes to propose a fine-grained data access control model. To reduce the computational overhead, and thus raise efficiency while enabling devices with low computing power to operate properly, the proposed model employs lightweight cryptographic operations on the user side, and uses a trusted data control server to be responsible for granting and revocation of user privileges, instead of the data owner.